It encompasses measures taken to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, or deployment of the application.
Applications only control the use of resources granted to them, and not which resources are granted to them.
They, in turn, determine the use of these resources by users of the application through application security.
According to the patterns & practices Improving Web Application Security book, a principle-based approach for application security includes:
* Know your threats
* Secure the network, host and application
* Bake security into your application life cycle
Read the rest of the article here