The security of an application is not only code review or vulnerability testing
It is a set of actions and controls applied and verified along the whole life cycle of the application.
Application security must be demonstrated
Declaring an application secure without measurable and verifiable evidence amounts to an act of faith.
The security of an application depends on its business, regulatory and technological contexts
An application developed to be used in your country may not be considered secure if used in another country.
Application security should be managed
Risks change: new threats appear while others disappear. Is your application still secure?
Application security
Def.: Preservation of confidentiality, integrity and availability of information collected, processed, stored and communicated by an application.
Security is a requirement
If you don't require security, you won't get it.
Information security
Def.: Preservation of confidentiality, integrity and availability of information (ISO/IEC 27000:2013).