This includes the measures used to protect software and applications used by an organization from unauthorized access, alteration, or destruction. It involves identifying and mitigating security vulnerabilities like SQL injection or cross-site scripting to prevent data breaches or leaks.