When we consider security issues, we have to consider both application software and the infrastructure on which the system is built.
The important differences between application security and infrastructure security are:
1. Application Security is a Software Engineering problem where software engineers should ensure that the system is designed to resist attacks. Software Engineering is concerned with the development and evolution of systems that can resist malicious attacks.
2. Infrastructure security is a management problem where system managers configure the infrastructure to resist attacks. The majority of attacks focus on system infrastructures because infrastructure components are widely available. System managers have to setup the infrastructure to make effective use of infrastructure security features available and fix the infrastructure security vulnerabilities.