Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

IDS/IPS

Intrusion Prevention Systems (IPS), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity.

Today, web sites are the most vulnerable, and therefore the most hacked. Snort, a free and open source Network Intrusion Detection/Prevention System, is the best tool for managing and preventing intrusions to your applications, Internet-enabled programs, or web sites. Snort can not only protect your sites, it can also analyze what's really going on with your networks.

Snort® is a widely used open source IDS/IPS developed by Sourcefire. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.

Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are that, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected.

Classifications
Intrusion Prevention Systems can be classified into four different types:

1) Network-based Intrusion Prevention (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.

2) Wireless Intrusion Prevention Systems (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.

3) Network Behavior Analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.

4) Host-based Intrusion Prevention (HIPS): an installed software package which monitors a single host for suspicious activity by analysing events occurring within that host.

Detection Methods

The majority of intrusion prevention systems utilize one of three detection methods: signature-based, statistical anomaly-based, and stateful protocol analysis.
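
An added example (not from the original page and not Snort code) that runs two of these methods, signature-based and statistical anomaly-based detection, over constructed request lines, and contrasts passive (IDS) with in-line (IPS) handling. The signature names and patterns, the addresses and the baseline counts are assumptions made up for illustration; stateful protocol analysis is not covered.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed signatures for illustration (hypothetical; not Snort rules).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union-select": re.compile(r"union\s+select", re.I),
}

def match_signatures(request_line):
    """Signature-based: names of every known pattern found in the request."""
    return [n for n, pat in SIGNATURES.items() if pat.search(request_line)]

def rate_anomalies(baseline_counts, window_counts, k=3.0):
    """Statistical anomaly-based: sources whose request count in this
    window exceeds the baseline mean by more than k standard deviations."""
    threshold = mean(baseline_counts) + k * pstdev(baseline_counts)
    return sorted(src for src, n in window_counts.items() if n > threshold)

def process(events, baseline_counts, inline):
    """Run both detectors over (source, request_line) events.
    inline=False models an IDS: every event is forwarded, alerts are logged.
    inline=True models an IPS: flagged events are logged and dropped."""
    window = Counter(src for src, _ in events)
    noisy = set(rate_anomalies(baseline_counts, window))
    alerts, forwarded = [], []
    for src, line in events:
        reasons = match_signatures(line)
        if src in noisy:
            reasons.append("rate-anomaly")
        if reasons:
            alerts.append((src, line, reasons))  # identify, log, report
        if not (reasons and inline):             # block only when in-line
            forwarded.append((src, line))
    return alerts, forwarded

# Constructed sample traffic (documentation address ranges).
EVENTS = [
    ("192.0.2.10", "GET /index.html"),
    ("192.0.2.11", "GET /download?file=../../secret.txt"),
    ("192.0.2.12", "GET /items?id=1 UNION SELECT 1"),
] + [("198.51.100.7", "GET /login")] * 40
BASELINE = [3, 5, 4, 6, 5, 4, 3, 5]  # constructed requests per source per window

if __name__ == "__main__":
    for mode in (False, True):
        alerts, forwarded = process(EVENTS, BASELINE, inline=mode)
        print("IPS" if mode else "IDS", len(alerts), "alerts,", len(forwarded), "forwarded")
```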
