Application-level attacks are those attacks that exploit weaknesses with a program itself rather than its underlying infrastructure. A simple example would be that the attack would be against the applications passwords, not any password for the server hosting the application.
Application attacks are things that target areas like the applications permissions model, its authentication controls, as well as its data handling. Common application weaknesses that are exploited are buffer over/underflows, SQL Injections, and logic errors. An application penetration test would aim to find these weaknesses before a malicious actor does.
If you like this blog post, find more content in our Glossary.