In an in-depth interview with eSecurity Planet, Qualys CTO Wolfgang Kandek detailed his views about the current state of the Web application security landscape. While Web application threats and attack vectors are for the most part well known, fixing the problems isn't always easy.
"The technology is there, the education is not there," Kandek said.
He said many developers write code without security in mind. This isn't the developer's fault, however, as he or she must contend with many competing pressures and components.
It would be difficult to entirely insulate developers from their own security-related missteps, Kandek said. Developers must be educated on how to code securely.
That said, Kandek added that companies can adopt an application architecture in which the components that carry security risk are written by security experts. Application code would then communicate with those components only through a well-defined and properly secured API.
“We can do Web Application Firewalls and they can help, but they aren’t a final solution to the problem,” he said.
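The two points above, confining risky operations to an expert-owned component behind a narrow API, and treating a Web application firewall as a help rather than a fix, can be shown in a few lines. The following is an added example written for this page; it is not code from Qualys, from the interview, or from any product. The database, the user names, the attack strings and the two regular-expression "signatures" are all constructed for illustration:

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory database for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_role_naive(conn, name):
    """Application code assembling SQL by string concatenation.

    This is the kind of code written without security in mind: the caller's
    input becomes part of the query text, so it can change the query's logic.
    """
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


class UserDirectory:
    """Expert-owned component: the only way application code reaches the table.

    The API accepts a plain value and never lets it into the query text; the
    database driver binds it as a parameter, so the SQL structure is fixed.
    """

    def __init__(self, conn):
        self._conn = conn

    def role_of(self, name):
        rows = self._conn.execute(
            "SELECT role FROM users WHERE name = ?", (name,)
        ).fetchall()
        return [r[0] for r in rows]


# Toy WAF-style request filter: two hypothetical signatures, chosen to show
# why pattern matching on input is not a complete answer.
WAF_SIGNATURES = [
    re.compile(r"'\s*or\s*'", re.IGNORECASE),  # the classic ' OR '1'='1 shape
    re.compile(r"--"),                         # SQL line comment
]


def waf_blocks(value):
    """Return True if the input matches any signature (request would be dropped)."""
    return any(sig.search(value) for sig in WAF_SIGNATURES)


# Constructed attack inputs. The first matches the signature list, the second
# is a trivial variant that does not, yet works just as well against the
# concatenated query.
INJECTION_BASIC = "' OR '1'='1"
INJECTION_VARIANT = "x' OR 1=1 OR name='"


if __name__ == "__main__":
    conn = make_db()
    directory = UserDirectory(conn)
    for payload in (INJECTION_BASIC, INJECTION_VARIANT):
        print(repr(payload))
        print("  WAF blocks it:   ", waf_blocks(payload))
        print("  naive query gives", lookup_role_naive(conn, payload))
        print("  API query gives  ", directory.role_of(payload))
```

Run as a script, the output shows the filter stopping only the first payload, the concatenated query leaking every role for both, and the parameterised component returning nothing for either. The point of the design is that application developers never have to get the query right themselves; they can only call `role_of`, and the one place that talks to the database is small enough for a security reviewer to own.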