Proprietary web sever vs IIS

This topic contains 2 replies, has 3 voices, and was last updated by  Henry864 3 years, 3 months ago.

  • Author
    Posts
  • #8813
     mike03776 
    Participant

    Hi all,

    I’m just here looking for opinions really.

    We have our own “home brew” webserver, which is incredibly dumb and is only capable of handling simple http get and post requests. This server also currently implements a simple login system, which is communicated in plaintext over http as url parameters. The intention is to implement https so as to encrypt all of the traffic between the client and the webserver. This is all well and good, however I am worried about the security risks involved with running your own webserver vs porting it to a 3rd party webserver like IIS, and which would be more secure.

    I understand this question is a little on the vague side, but opinions would be useful in deciding which direction to venture.

  • #54167
     cyber.spirit 
    Participant

    security is not one thing my friend even if you implement HTTPS,
    there is thousands of ways that a hacker might use to compromise
    your server in other hand the web server might not have any
    vulnerability but for example your web application is vulnerable
    to XSS, SQL injection and etc. Even if you secure your server and
    web application, a hacker can use man in the middle attacks to find passwords
    on your network!

    The best way to determine the level of security in your environment
    is to perform a black box penetration test and your scope must be the
    servers and network and web application.

    and about HTTPS i guess your using self-signed certificate which has
    no value for you because everyone can generate a self-signed certificate.

    Good luck my friend and keep in mind that security is very complex because
    hackers are very complex!!!

  • #54168
     Henry864 
    Participant

    For some time, Apache and Microsoft have commanded the lion’s share of the Web server market. While Apache is the clear-cut winner in the Netcraft and Security Space monthly surveys, Internet Information Server dominates among Fortune 1000 enterprises.
    SWatch Reader Favorite! IIS and Apache are the two most widely deployed Web servers. Not surprisingly, each has a loyal and vehement following. This tutorial goes beyond the noise to compare execution environments, dynamic components, security and authentication, performance, and reliability.

    Both are viable choices, and each carries its own set of pros and cons.

    With Apache 2.0 in production release since mid-2002 and IIS 6.0 shipping since earlier this year, we’ve decided the time has come to run a feature-by-feature comparison of the two servers to help readers better determine which server suits their needs.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?