Application security is both the prevention of, and finding and fixing of, security vulnerabilities within a specific application. Applications are tested for security weakness at various stages of the application lifecycle from design and development through to deployment, upgrade and ongoing maintenance. Actions taken to address application security are often referred to as countermeasures. The most common of these countermeasures is an application firewall, but other countermeasures can include things like encryption, anti-virus, anti-spyware/malware, and authentication. The process known as threat modelling is often used to define what an application does (or will do), creating a security profile which identifies and prioritises potential threats which may be either malicious in nature (such as a DDOS attack), or an unplanned event (such as a hardware failure).