Skip to main content


What is a web application?

The world today seems to be run by web and mobile applications, but many of us may have a hard time coming up with a good answer for “What is a web application?”

Here’s a brief primer on web applications, as well as the steps needed to secure them.

Ultimate Guide to Getting Started With AppSec

Learn best practices from the pros at Veracode.

Get the Handbook

What is a web application?

Web application is an application program that is stored on a remote server and accessed through an Internet browser.

What is a web application’s benefit over other applications?

Web applications are generally more accessible than standard desktop applications. Since a web application runs in an Internet browser, the user can access the application from both a PC or a Mac computer, on different operating systems and different browsers. A web application is easier to update, since developers need only update the application on the server rather than distribute updates to individual users.

What is a web application security flaw or vulnerability?

A web application security flaw is a weakness or vulnerability in the code that may be exploited by attackers to control, shut down or limit access to the application. A vulnerability may also allow attackers to access data used by the application, or use the application to access other resources and users within an organization.

What is a web application attack?

A web application attack is an attempt to access or control a web application. Because they are available 24/7 via the Internet, web applications are an easy target for cyber attacks.

What is a web application security test?

Flaws and vulnerabilities in a web application can be found and fixed via a security test, employing a variety of software testing techniques. These may include a code review tool using static analysis to scan code for known flaws and vulnerabilities, a dynamic analysis security test that attempts to breach security the way an attacker might, and penetration testers that search for flaws which can only be found using manual tests.

What is a web application security audit?

An audit tests web application code to determine the level of risk within an organization’s software portfolio.

What is a web application security testing provider?

An application security testing provider offers solutions for testing code in development and in production. 

As a leading provider of application security solutions, Veracode delivers a cloud-based subscription service that enables development teams to easily integrate testing into all aspects of the software development lifecycle (SDLC). With Veracode, developers can find and fix flaws at the most cost-efficient point in the development process, helping to deliver more secure applications with every release.

Learn more about “What is a web application?” and about Veracode solutions for mobile application security testing and secure devops.

Everything You Need to Know About Maturing an AppSec Program

Learn best practices from the pros at Veracode.

Get the Handbook