In ancient Greek legend, the Ship of Theseus was preserved for generations by replacing each plank and timber as it wore out — until philosophers asked: if every piece has been swapped out, is it still the same ship? In this talk, Kevin Tackett will explore how that same paradox haunts modern application security. Today’s applications are assembled almost entirely from external components — third-party APIs, open-source libraries, cloud services, and SaaS platforms — leaving organizations owning remarkably little of the actual code executing in their environment. Drawing from penetration testing engagements against these modern architectures, he will examine how trust boundaries blur when applications are built from parts you didn’t write, how traditional testing methodologies fall short when you cannot access the underlying systems, and how to identify risks that live in the seams between services rather than within them. Each piece of the ship may be seaworthy on its own, but the way they are fastened together often tells a different story.