May 22, 2015 at 10:29 am #8813 mike03776 (Participant)
I’m just here looking for opinions really.
We have our own “home brew” webserver, which is incredibly dumb and is only capable of handling simple HTTP GET and POST requests. This server also currently implements a simple login system, which is communicated in plaintext over HTTP as URL parameters. The intention is to implement HTTPS so as to encrypt all of the traffic between the client and the webserver. This is all well and good; however, I am worried about the security risks involved with running your own webserver vs. porting it to a 3rd party webserver like IIS, and which would be more secure.
I understand this question is a little on the vague side, but opinions would be useful in deciding which direction to venture.
July 7, 2015 at 11:02 am #54167 cyber.spirit (Participant)
Security is not one thing, my friend. Even if you implement HTTPS,
there are thousands of ways that a hacker might use to compromise
your server. On the other hand, the web server might not have any
vulnerability but, for example, your web application is vulnerable
to XSS, SQL injection, etc. Even if you secure your server and
web application, a hacker can use man-in-the-middle attacks to find passwords
on your network!
The best way to determine the level of security in your environment
is to perform a black box penetration test and your scope must be the
servers and network and web application.
And about HTTPS, I guess you're using a self-signed certificate, which has
no value for you because everyone can generate a self-signed certificate.
Good luck my friend and keep in mind that security is very complex because
hackers are very complex!!!
August 1, 2016 at 12:16 pm #54168 Henry864 (Participant)
For some time, Apache and Microsoft have commanded the lion’s share of the Web server market. While Apache is the clear-cut winner in the Netcraft and Security Space monthly surveys, Internet Information Server dominates among Fortune 1000 enterprises.
SWatch Reader Favorite! IIS and Apache are the two most widely deployed Web servers. Not surprisingly, each has a loyal and vehement following. This tutorial goes beyond the noise to compare execution environments, dynamic components, security and authentication, performance, and reliability.
Both are viable choices, and each carries its own set of pros and cons.
With Apache 2.0 in production release since mid-2002 and IIS 6.0 shipping since earlier this year, we’ve decided the time has come to run a feature-by-feature comparison of the two servers to help readers better determine which server suits their needs.