Operating systems were once the number one target for cyber attacks. As they became increasingly more secure over time, attackers started focusing more and more on the applications running on these operating systems. It is estimated that 85% of cyber attacks are now targeting application vulnerabilities. Add to this the fact that the application landscape of today is very complex, with developers leveraging a mix of home-grown, commercial, and open source code to build their applications and services, it is easy to see why application security is an important task that should be taken seriously. This chapter discusses the activities involved in detecting, mitigating, and preventing application vulnerabilities. It ...