In show number 463 of the popular podcast Paul's Security Weekly, our CEO and product architect Ferruh Mavituna and the show's host Paul Asadoorian talk about web application security and:
- PHP and WordPress Security; how secure WordPress is and should business use it for their websites or they would be better off developing their own solution? Are open source web applications secure enough, should businesses use them?
- From the security point of view, which development language should be used to build web applications from php, .NET and Java? Is any of them more secure than the other or vulnerabilities are always created because of the way developers write their code?
- Should web application developers be trained in security? Are they expected to write secure and functional code or just functional code?
- What is the best way to scan an off-the-shelf web application, such as WordPress, Joomla! or Drupal?
- Web application firewalls, should one rely on them or not? Why Netsparker introduce a new feature to automatically generate ModSecurity WAF rules?
- Bug bounties; do they really work? How can we really measure their success?
- Last but not least, all the whys and hows of the latest popularized vulnerability; ImageTragick.