Security practices that are integrated into software development and deployment to prevent vulnerabilities such as injection, broken authentication, and insecure data handling.