Overview
Application security (AppSec) involves measures taken throughout the software development life cycle (SDLC) to ensure that applications are resilient to attacks. This includes web applications, mobile apps, and desktop software.
Common Practices
- Static Application Security Testing (SAST): Analyzing source code for vulnerabilities.
- Dynamic Application Security Testing (DAST): Testing running applications for security flaws.
- Software Composition Analysis (SCA): Identifying vulnerabilities in third-party libraries and dependencies.
Key Threats
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Insecure Direct Object References (IDOR)