All forms for application security have the same goal: to identify, mitigate and prevent vulnerabilities. Their difference between these forms is in where, how, and when security testing, practices, and methodologies take place.
Mobile application security: Mobile application security focuses on the software security posture of mobile apps on various platforms like Android, iOS, and Windows Phone. It covers applications that run both on mobile phones and tablets, and it involves assessing applications for security issues in the context of the platforms that they are designed to run on, the frameworks that they are developed with, and the anticipated set of users (e.g., employees vs. end users).
Mobile application security testing involves testing a mobile app in ways that a malicious user would try to attack it. Effective security testing begins with an understanding of the application’s purpose and the types of data it handles. From there, a combination of static analysis, dynamic analysis, and penetration testing are used to find vulnerabilities that would be missed if the techniques were not used together effectively.
Cloud application security: Cloud application security is a system of policies, processes, and controls that enable enterprises to protect applications and data in collaborative cloud environments. Cloud security centers around key activities including identifying and managing access, data protection, infrastructure security, logging and monitoring, incident response, and vulnerability mitigation and configuration analysis.
Web application security: Web application security is the practice of building websites to function as expected, even when they are under attack. It involves a collection of security controls engineered into a web application to protect its assets from potentially malicious agents. Web applications, like all software, inevitably contain defects. Some of these defects constitute actual vulnerabilities that can be exploited, introducing risks to organizations. Web application security defends against such defects. It involves leveraging secure development practices and implementing security measures throughout the software development life cycle, ensuring that design-level flaws and implementation-level bugs are addressed. Tests used include DAST, SAST, pen testing, and runtime application testing (RASP).