It is only a matter of time until newly developed software becomes a target for malicious users. They will always try to find a security flaw to exploit, whether for commercial purposes or for their own fame. Application Security Testing (AST) plays a critical role in ensuring that the delivered software is secure. AST must therefore be part of the software development chain of any software company, regardless of the size of the organization. For a software company, any discovered security flaw may impact its business through lost money or lost user confidence. Including software security testing in quality assurance is therefore natural and common sense. When it comes to Small and Medium Enterprises (SMEs), however, a lack of resources may push aside the security aspect of the developed software.

The purpose of this master's thesis is to provide knowledge on the implementation of an AST platform in an SME context. The platform focuses on three specific vulnerabilities from the OWASP Top 10 Vulnerabilities.

The research methodology used in this work is Action Design Research (ADR). ADR was seen as the perfect method to shape the artifact (the AST platform) using the identified design principles and to produce practical and theoretical implications for future research. The successful implementation of the AST platform was accompanied by a set of new design principles, a list of steps for future implementations, and a couple of security policies and guidelines.
Validated; 20140821 (global_studentproject_submitter)