Application Security

Secure Coding
Secure coding is the practice of writing software in ways that reduce common security flaws and make applications safer to operate.
SQL Injection
SQL injection is an application flaw that lets untrusted input interfere with database queries in unintended and dangerous ways.
Cross-Site Scripting
Cross-site scripting is a web-application flaw that allows untrusted content to run in a user's browser in the context of a trusted site.
Cross-Site Request Forgery
Cross-site request forgery is a web-application flaw that tricks a user's authenticated browser into sending an unintended request.
Software Composition Analysis
Software composition analysis identifies and evaluates third-party components and dependencies so known security risks in the software supply chain can be managed.
Static Application Security Testing
Static application security testing analyzes source code or related artifacts for security weaknesses without executing the application.
Dynamic Application Security Testing
Dynamic application security testing evaluates a running application from the outside to identify security weaknesses in behavior and exposed functionality.
Secrets Management
Secrets management is the practice of securely storing, distributing, rotating, and controlling access to sensitive credentials and cryptographic material.
Input Validation
Input validation checks incoming data against expected rules so applications handle untrusted input more safely.
Output Encoding
Output encoding prepares untrusted data for a specific output context so it is treated as content rather than executable code or unsafe markup.
Runtime Application Self-Protection
Runtime application self-protection monitors application behavior from inside the running application and can help detect or block suspicious activity in context.
API Security
API security is the application-security discipline focused on protecting interfaces, tokens, data flows, and backend actions from unauthorized access, abuse, and misuse.
Session Management
Session management is how an application creates, maintains, and ends authenticated user sessions safely over time.
Rate Limiting
Rate limiting is a defensive control that restricts how quickly or how often a client can perform requests or actions within defined thresholds.
Common Weakness Enumeration
Common Weakness Enumeration is a standardized catalog of software weakness types used to classify recurring design, implementation, and architecture problems in security terms.
Server-Side Request Forgery
Server-side request forgery is a flaw where an application can be tricked into making unintended requests to other systems on behalf of the attacker.
Broken Access Control
Broken access control is an application-security failure in which a system does not correctly enforce what an authenticated user, service, or tenant should be allowed to access or change.
Software Bill of Materials
A software bill of materials is a structured inventory of the components, libraries, packages, and dependencies that make up a software product from a supply-chain perspective.
Secrets Scanning
Secrets scanning is the process of searching code, repositories, builds, or logs for exposed credentials and other sensitive secret material.
Threat Modeling
Threat modeling is the design-time process of identifying what could go wrong in a system, where trust boundaries exist, and which controls should reduce the most meaningful risks.
Command Injection
Command injection is an application flaw in which untrusted input reaches operating-system command execution, so the application loses control over which commands the host actually runs.
Content Security Policy
Content Security Policy is a browser-enforced security mechanism that restricts which content sources a page may load or execute and helps reduce the impact of unsafe script behavior.
Insecure Direct Object Reference
Insecure direct object reference is an access-control failure where an application exposes object identifiers without enforcing whether the requester should be allowed to use them.
Session Hijacking
Session hijacking is the unauthorized takeover or misuse of a valid application session so an attacker can act as an authenticated user without repeating the normal login flow.