Application Security
Section focus: Application Security.
Best use: start with the section map below, then move into the deeper pages that match your role or stack.
Design note: this index was refreshed to act as a cleaner GitBook landing page instead of a plain directory listing.
Start with these pages
| Page | Why open it first |
|---|---|
| SAST Noise Reduction | High-value page inside Application Security. |
| DefectDojo and ASPM Platforms | High-value page inside Application Security. |
| ASOC and ASPM Orchestration Platforms | High-value page inside Application Security. |
| Repository Secret Scanning | High-value page inside Application Security. |
| TruffleHog and Gitleaks Deep Dive | High-value page inside Application Security. |
| GitHub and GitLab Native Secret Scanning Comparison | High-value page inside Application Security. |
| Mobile Application Security Testing | High-value page inside Application Security. |
| Secure by Design for AppSec and SDLC | High-value page inside Application Security. |
| Web Application Security Architecture - Practical Intro | Architecture-first onboarding page for reviewers who need the component map before the bug list. |
| Business Logic Vulnerabilities and Verification | Explains application-level workflow flaws, how to verify them, and how to connect them to real product abuse. |
| SonarQube Modern Practical Guide - Quality Gates, Security Hotspots, PR Analysis, and Review Workflows | Modernizes the 2014 SonarQube mental model into a 2026 AppSec operating guide. |
| Burp Suite vs OWASP ZAP - Practical Positioning | Helps teams choose between analyst-first Burp workflows and automation-first ZAP workflows. |
| Mobile Report Analysis and Finding Walkthrough | High-value page inside Application Security. |
Related sections
- modern SonarQube positioning for SAST, hotspots, and review workflows
- practical Burp versus ZAP decision guidance
- architecture-first onboarding for modern web applications
- scanner signal quality and secret detection
- mobile application security testing
- cross-links into CI/CD quality gates and newer architecture, abuse, and secure-engineering sections
Intro: This section stays close to product-facing security work: scanner signal quality, findings management, secret scanning, mobile security testing, and the orchestration layer that helps teams make release decisions without drowning in tool output.
What this page includes
- vulnerability orchestration and posture tooling
Core pages in this section
- SAST Noise Reduction
- DefectDojo and ASPM Platforms
- ASOC and ASPM Orchestration Platforms
- Repository Secret Scanning
- TruffleHog and Gitleaks Deep Dive
- GitHub and GitLab Native Secret Scanning Comparison
- Mobile Application Security Testing
- Mobile Report Analysis and Finding Walkthrough
- Catch It Before Commit: IDE Security Linters and Pre-Commit SAST
- Web Application Security Testing and Gate Patterns
- Web Application Security Architecture - Practical Intro
- Business Logic Vulnerabilities and Verification
- Web Application Security Review and Architecture Playbook
- SSRF, File Fetch, and Parser Abuse Review Guide
- Secure by Design for AppSec and SDLC
- SonarQube Modern Practical Guide - Quality Gates, Security Hotspots, PR Analysis, and Review Workflows
- Burp Suite vs OWASP ZAP - Practical Positioning
- Semgrep / CodeQL / SonarQube Positioning
Cross-links
- Secret Scanning in Quality Gates
- Mobile Testing Quality Gates and DefectDojo Integration
- API Security
- Business Logic Abuse and Product Abuse
- Stack-Specific Secure Engineering
Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.