Provided herein are systems and methods for monitoring and assessing the security and risk presented by applications deployed in a complex computing environment. An exemplary application security system an application security server having a processing device in communication with one or more storage systems and includes a security testing system with a plurality of security test modules. The test modules include a first module associated with a first application associated with one or more application instances configured to receive and transmit over a network. The processing device calculates a security risk score for the first application based on information about the first application, determines a security priority level associated with first application, the security priority level of the first application being based on the security risk score for the first application, and associates the security priority level of the first application with the first application in a database of application security information.