What is AppSec

AppSec is short for Application Security. As the name implies, it is the discipline of securing applications, particularly in the domain of software.

What it means

AppSec includes all tasks that introduce a secure software development life cycle (SDLC).

The tasks include the following operations:

An SDLC includes the following phases:

That means each phase in an SDLC has three different AppSec tasks: find, fix, and prevent issues.

Issues

What are issues, and what type of issues are there?

Since AppSec focuses on software security, the issues can be any of the following, all of which are related to cybersecurity:

How to address issues

The following are the methods to find, fix, and prevent issues:

An analysis type, for example software composition analysis (SCA), can employ one or more of the above methods, depending on how it is implemented.

Assessing security software products

When evaluating a security software product, take note of the following: