English 
Русский 
简体中文 
Português do Brasil 
Français 
Español 
Türkçe 
Polski 
Tiếng Việt 
한국어 
Nederlands 
Italiano 
日本語 
Eesti 
Čeština 
മലയാളം 
Bahasa Melayu 
हिन्दी 
اردو 
Bahasa Indonesia 
Safe WebApplication security is the practice of developing computer software with security features that defend against malicious attacks, or malevolent interference. It involves identifying and resolving security vulnerabilities in application software and protecting with appropriate controls, such as authentication, authorization and encryption.
Application security is an important component of computer and network security, as application software is increasingly the target of malicious attacks. Vulnerabilities can range from buffer overflows to server-side injection attacks such as SQL injection, and cross-site scripting (XSS). Application security is an active and challenging field, as attackers employ increasingly sophisticated methods to breach applications and systems.
Application security encompasses a range of techniques, from requirements and design through exogenous threats. Coding practices at the source-code level, architectural design, and use of secure coding best practices are widely accepted as baseline security controls. Quality assurance (QA) and security testing processes help to identify any security issues before and during the deployment of applications.
Additionally, organizations must consider the application architecture and environment to mitigate certain threats. Such considerations might include mitigating against attackers gaining access to the source code or data stores, protecting over the network, filtering for malicious inputs, preventing misuse of the application, and preventing unauthorized access or use.
To reduce the risk of security threats, organizations must also remain aware of vulnerabilities in third-party applications and address the security gaps within their own applications. This can include static code analysis, threat modeling, dynamic testing, manual source code scanning, input validation, and application hardening. Making use of professional security services and software can also be extremely helpful for organizations to maintain a secure application environment.
