To stay ahead of the competition, enterprises need to be able to turn an Internet-based business idea into a fully functioning service in double-quick time. The pressure to get software applications ready for market in the shortest time possible has spawned numerous application development philosophies, ranging from sequential design, such as the Waterfall model, to SWAT Team and Agile software development process models. Proponents of each different method hail them as revolutionizing the software application development process, and many development teams rush to embrace the latest time-saving approach in the hope of being able to finally meet delivery deadlines.
Sadly, none of these methodologies really have software security testing at their core, though there are various initiatives and technologies that do aim to reduce the number of security flaws that make it into the final release.
Application security encompasses measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities. Different techniques are used to surface such security vulnerabilities at different stages of an applications lifecycle such design, development, deployment, upgrade, or maintenance. An always evolving but largely consistent set of common security flaws are seen across different applications, see common flaws.