In this episode I talk with Zane Lackey about Web Application Security. Zane is the Co-Founder and Chief Security Officer for Signal Sciences.
Talking Points and Listener Submitted Questions:
- What kinds of 'Real World' attacks are people dealing with against web applications?
- How do you detect an attack against a web application?
- How do you measure the effectiveness of your technical web app security controls (WAF, API, Authentication, Business Logic, etc.)?
- How can you ensure that your company's web application APIs cannot be abused to access data that the user is unauthorized to access?
- Do bug bounty programs work?
- Should all SMBs have a web application vulnerability disclosure program?
This episode is sponsored by Signal Sciences. Signal Sciences is a web application security company based out of Culver City, California.