The application security domain is a large one. First the security of the code, to protect from flaws such as buffer overflows, bad input validation, various kind of injections, etc. There are softwares, website, webservices, and all type of combination (webapps, webserice API client, AJAX everywhere, etc) . Another issue is the security of the data, in memory, in database, encryption...