How do you protect your site from malware, zero-day exploits, etc?

1056,

Writing an app yourself is only safer IF you are a good coder, i.e., you know how to make code invulnerable to the standard (and more) attack vectors (cross-site scripting, SQL injection, etc.) AND use VERY strong passwords for access via FTP or your cPanel. In other words, if you are an amateur (you do not appear to be one), then there is little hope for you to make your website invulnerable.

I’m afraid that I do not know the average/minimum time between release of an update (of any canned app) and when its vulnerabilities are discovered BUT I’m sure that script kiddies are far faster at reading the black site hacks on canned apps than the canned app coding team (not to mention the time it takes them to generate and post a patch AND the time for the patch to be discovered and implemented). I’m sure, though, that the hacking community can post hacks for script kiddies to use to attack canned app websites faster than the developers can post patches.

Web App Firewall? Wuzzat? That sounds like a plugin for a canned app which allows yet another attack vector.

As for me, I prefer tight coding with checks on ALL input (and VERY strong passwords) to ANY canned app. There is a bit more coding effort involved but the script kiddies are eliminated by the checks employed.

“There is no rest for the wary” but it still beats rebuilding a website from scratch for the lack of timely patches.

Regards,

DK