{"id":53407,"date":"2014-07-16T13:38:11","date_gmt":"2014-07-16T13:38:11","guid":{"rendered":"https:\/\/www.checkmarx.com\/?post_type=glossary&#038;p=8791"},"modified":"2026-04-10T20:48:02","modified_gmt":"2026-04-10T18:48:02","slug":"application-vulnerability","status":"publish","type":"glossary","link":"https:\/\/checkmarx.com\/glossary\/application-vulnerability\/","title":{"rendered":"What is Application Security Vulnerability: Definition"},"content":{"rendered":"<p>Attackers have increasingly shifted their focus to application-layer vulnerabilities. A widely quoted estimate puts roughly 90% of the security vulnerabilities found in software code in the application layer. Applications that are not properly tested risk containing vulnerabilities that attackers can exploit to gain privileged access and harvest data. Such vulnerabilities are dangerous to companies because they can give attackers access to company accounts, sensitive financial data, customer and client contact information, social security numbers, credit card numbers and other information that can be used for personal or financial gain. 
Some of the most common vulnerabilities today include:<\/p>\n<ul>\n<li><a href=\"https:\/\/checkmarx.com\/learn\/application-security\/sql-injection\/\">SQL Injection<\/a><\/li>\n<li><a href=\"https:\/\/checkmarx.com\/glossary\/insecure-cryptographic-storage\/\">Insecure Cryptographic Storage<\/a><\/li>\n<li><a href=\"https:\/\/checkmarx.com\/glossary\/ldap-injection-tutorial\/\">LDAP Injection<\/a><\/li>\n<li><a href=\"https:\/\/checkmarx.com\/glossary\/cross-site-scripting-xss-attacks\/\">Cross-Site Scripting<\/a><\/li>\n<li><a href=\"https:\/\/checkmarx.com\/glossary\/cross-site-request-forgery-csrf-attacks\/\">Cross-Site Request Forgery<\/a><\/li>\n<\/ul>\n<p><b>How to avoid and eliminate security vulnerabilities in applications<\/b><br>\nPenetration (pen) testing is one of the oldest security practices and is still used by organizations worldwide. It is effective, but it sits outside the development process: tests run against a deployed or near-final build, so vulnerabilities are found only in the later stages of development, when they are most expensive to fix. That is a poor fit for organizations using Agile or DevOps methodologies, which are becoming more and more common. 
Another limitation of pen testing is that several cycles are usually needed to reach comprehensive coverage, and each cycle adds cost.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-99920\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/01\/vulnerabilities_3x-1024x595.webp\" alt=\"application security vulnerability abstract\" width=\"1024\" height=\"595\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/01\/vulnerabilities_3x-1024x595.webp 1024w, https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/01\/vulnerabilities_3x-300x174.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/01\/vulnerabilities_3x-768x446.webp 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/01\/vulnerabilities_3x.webp 1182w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><br>\nDynamic Application Security Testing (<a href=\"https:\/\/checkmarx.com\/checkmarx-dast\/\">DAST<\/a>) and <a href=\"https:\/\/checkmarx.com\/learn\/sast\/static-application-security-testing-sast\/\">Static Application Security Testing<\/a> (SAST) have become the go-to security testing methods for most organizations today. SAST has the edge in two respects. First, it works on source code, so it can run before there is a deployable build. Second, because it traces data flow from untrusted input to a dangerous sink, it is better at locating vulnerabilities that are not directly reflected in the response to the request that triggers them, such as stored <a href=\"https:\/\/checkmarx.com\/glossary\/cross-site-scripting-xss-attacks\/\">XSS<\/a>, where the payload is written to a data store and only rendered on a later page; a black-box DAST scan can easily miss that link. Running a <a href=\"https:\/\/checkmarx.com\/cxsast-source-code-scanning\/\">SAST solution<\/a> inside the developer&#8217;s IDE, together with Software Composition Analysis (<a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\">SCA<\/a>) for the open-source dependencies the code pulls in, puts security checks where the code is written. 
Bringing security into the developer&#8217;s environment means security bugs get tracked and fixed like QA bugs, with everyone involved in the process.<\/p>\n<p><strong>Learn more about application security vulnerabilities in <a href=\"https:\/\/checkmarx.com\/zero\/vulnerabilities\/\">Vulnerability Knowledge Base<\/a>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers have increasingly shifted their focus to application-layer vulnerabilities. A widely quoted estimate puts roughly 90% of the security vulnerabilities found in software code in the application layer. Applications that are not properly tested risk containing vulnerabilities that attackers can exploit to gain privileged access and harvest data. Such vulnerabilities are [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":0,"template":"","glossary-tags":[],"class_list":["post-53407","glossary","type-glossary","status-publish","hentry"],"acf":[],"yoast_head_json":{"title":"What is Application Security Vulnerability Definition","description":"Untested apps expose sensitive data. We define application security vulnerabilities and outline how they lead to software security issues.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/glossary\/application-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"What is Application Security Vulnerability Definition","og_description":"Untested apps expose sensitive data. 
We define application security vulnerabilities and outline how they lead to software security issues.","og_url":"https:\/\/checkmarx.com\/glossary\/application-vulnerability\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2026-04-10T18:48:02+00:00","og_image":[{"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/01\/vulnerabilities_3x-1024x595.webp","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/glossary\/application-vulnerability\/","url":"https:\/\/checkmarx.com\/glossary\/application-vulnerability\/","name":"What is Application Security Vulnerability Definition","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/glossary\/application-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/glossary\/application-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/01\/vulnerabilities_3x-1024x595.webp","datePublished":"2014-07-16T13:38:11+00:00","dateModified":"2026-04-10T18:48:02+00:00","description":"Untested apps expose sensitive data. 
We define application security vulnerabilities and outline how they lead to software security issues.","breadcrumb":{"@id":"https:\/\/checkmarx.com\/glossary\/application-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/glossary\/application-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/glossary\/application-vulnerability\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/01\/vulnerabilities_3x-1024x595.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/01\/vulnerabilities_3x-1024x595.webp"},{"@type":"BreadcrumbList","@id":"https:\/\/checkmarx.com\/glossary\/application-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Glossary","item":"https:\/\/checkmarx.com\/glossary\/"},{"@type":"ListItem","position":2,"name":"What is Application Security Vulnerability: Definition"}]},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. 
We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary\/53407","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/glossary"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/11"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary\/53407\/revisions"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=53407"}],"wp:term":[{"taxonomy":"glossary-tags","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary-tags?post=53407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}