Application Security
Application Security (AppSec)
Also known as: AppSec, Software security
Definition
The discipline of designing, building, testing and operating software so it resists abuse, tampering and unauthorized access throughout its lifecycle.
Examples
- Adding Semgrep SAST scans and Snyk SCA (software composition analysis, i.e. scanning third-party dependencies for known vulnerabilities) checks to a GitHub Actions pipeline, so that findings block a pull request before merge.
- Running an OWASP ZAP DAST scan against a staging environment before each release.
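Both examples above put together as one GitHub Actions workflow. This is an added illustration, not a workflow from the original page or from the Semgrep, Snyk or ZAP projects; it assumes a Node.js repository (the `snyk/actions/node` action), a `SNYK_TOKEN` secret already created in the repository, a staging host at `https://staging.example.com` (placeholder) and the action version tags shown, which you should replace with the versions your organization has reviewed.

```yaml
# .github/workflows/appsec.yml  (added example; names, secrets and hostnames are assumptions)
name: appsec

on:
  pull_request:            # SAST and SCA gate every pull request
  push:
    branches: [main]       # DAST runs on the branch that is about to be released

permissions:
  contents: read           # least privilege: the jobs only need to read the repository

jobs:
  sast:
    name: Semgrep SAST
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep          # official Semgrep CLI image
    steps:
      - uses: actions/checkout@v4
      # p/default is a registry rule pack; --error makes the step (and the PR check)
      # fail when there are findings, --metrics=off stops the CLI phoning home.
      - run: semgrep scan --config p/default --error --metrics=off

  sca:
    name: Snyk SCA
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: snyk/actions/node@master     # pin to a commit SHA in production, see note below
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          # only fail the build on high/critical findings in the dependency tree
          args: --severity-threshold=high

  dast:
    name: OWASP ZAP baseline DAST
    needs: [sast, sca]                        # do not burn staging time if static checks failed
    if: github.event_name == 'push'           # staging only exists for the release branch
    runs-on: ubuntu-latest
    steps:
      - uses: zaproxy/action-baseline@v0.12.0
        with:
          target: 'https://staging.example.com'   # assumed staging URL
          cmd_options: '-a'                       # also run the AJAX spider
          allow_issue_writing: false              # do not open GitHub issues from the pipeline
          fail_action: true                       # fail the job when ZAP reports alerts
```

Two caveats a practitioner would add: reference third-party actions by full commit SHA rather than a moving tag such as `@master`, otherwise the pipeline that checks your supply chain is itself exposed to a tampered action; and the ZAP baseline scan is passive (spidering plus passive rules), so it catches missing headers and similar misconfigurations but not authenticated or injection flaws, for which a full ZAP active scan with authentication configured is needed.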
Related terms
Secure Software Development Lifecycle (SSDLC)
A development lifecycle in which security activities are embedded into every phase, from requirements and design through coding, testing, release and operations.
DevSecOps
A culture and set of practices that integrates security responsibilities into DevOps workflows so engineers ship secure software continuously and at speed.
Shift-Left Security
The practice of moving security activities earlier in the software lifecycle so vulnerabilities are found and fixed before code reaches production.
SAST (Static Application Security Testing)
Automated analysis of source code, bytecode or binaries — without executing it — to find security weaknesses such as injection, unsafe APIs or insecure crypto.
DAST (Dynamic Application Security Testing)
Black-box security testing that probes a running application over the network, as an attacker would, to find vulnerabilities that depend on the deployed system, such as injection flaws, broken authentication and session handling, and server or framework misconfigurations. Because it has no view of the source, DAST only covers the surface it can reach, so crawl coverage and authenticated scanning determine how much it finds.
OWASP Top 10
OWASP Top 10 — definition coming soon.