This document summarizes a presentation about the future of web application security. It discusses how security practitioners and developers have skewed views of security. It notes how compliance, processes, people, and tools need to change to improve security. Developers will not prioritize security without requirements to do so. Tools and frameworks need to make security the default instead of something that must be explicitly added.