The foundational concepts behind application and software security.
10 articles

A code security audit is a systematic expert review of source code to find vulnerabilities, insecure patterns, and compliance gaps that automated tools may miss.
A security vulnerability is a weakness in software or configuration that attackers can exploit. Understanding vulnerability classes, severity ratings, and the lifecycle from discovery through disclosure to patch is essential for prevention.
Application security (AppSec) is the discipline of protecting software from threats using SAST, DAST, SCA, and secure coding practices throughout the development lifecycle.
Application security testing (AST) encompasses SAST, DAST, SCA, and penetration testing to find vulnerabilities in software before attackers do.
DevSecOps integrates security into every stage of the DevOps pipeline, shifting from end-of-cycle security gates to continuous automated security throughout development.
Secure coding is the practice of writing software that resists vulnerabilities by validating input, managing secrets, and applying security principles throughout development.
Secure SDLC integrates security into every phase of software development, from requirements and threat modeling through implementation, testing, and ongoing maintenance.
Shift left security moves security activities earlier in the SDLC, catching vulnerabilities during design and development when they are cheapest and fastest to fix.
Software security is the discipline of building and operating software that resists attack, covering secure coding, dependency management, secret handling, and the full SDLC.
The Software Development Lifecycle (SDLC) is the structured process for planning, designing, building, testing, deploying, and maintaining software, with security embedded at each phase.