Application controls exert control over the input, processing, and output functions of computer-based applications. From a 30,000 foot view, they include things such as ensuring that input data is complete, accurate, and valid, as well as ensuring that internal processing produces the expected results.
Application control functions vary based on the business purpose of the specific application, but the main objective is to help ensure the privacy, accuracy, and security of data used by and transmitted between applications. Application controls are a type of application security, and as such, they stop unauthorized applications from functioning in ways that place data at risk. Application controls are specific to each application; however, application controls are universally designed to protect data privacy as data is transmitted between applications.
Application controls greatly reduce the risks associated with application usage. An example of an application control is a web application audit program.
"Web application attacks represent the greatest threat to an organization’s security. Web app attacks represented 40% of breaches in 2015¹."