Practices used to ensure web applications are secure at every point during their development life cycle. AppSec is not synonymous with Penetration Testing since Pentesting is only a subset of AppSec practices, which also include practices for preventing vulnerabilities from entering the code during development and protecting the development environment itself among others.