I'm agree with you, but still please keep up-to-date and aware with the latest security issue rely on the webserver itself, for example
Litespeed http://www.exploit-db.com/exploits/13850/ Nginx http://www.exploit-db.com/exploits/14830 http://www.exploit-db.com/exploits/13822 Apache Tomcat http://www.exploit-db.com/exploits/14489 G0t p4tch? Sent by AT&T from my BlackBerry® Smartphone -----Original Message----- From: Ang Chin Han <[email protected]> Sender: [email protected] Date: Mon, 27 Sep 2010 14:02:52 To: Open Web Application Security Project (OWASP) Malaysia Local Chapter<[email protected]> Reply-To: "Open Web Application Security Project \(OWASP\) Malaysia Local Chapter" <[email protected]> Subject: Re: [Owasp-Malaysia] The Best, Secure and lightier HTTPD On Mon, Sep 27, 2010 at 12:07 PM, Muzamir Mokhtar <[email protected]> wrote: > Salam, > > I would like to know which one is the best, secured (not 100%) and > light httpd? > I got some of them. If any of you got others version please do advice me. > > Apache - the origin > Lighthttpd - http://www.lighttpd.net/ > nginx - http://nginx.org/ For what it's worth, we run a number of nginx webservers as a frontend, apache for backend. Good performance for nginx. But more importantly for security, you need to look at what type of websites you are running. I'll hazard that most mature webserver software is secure for static sites, so it doesn't matter. When you have running other things, e.g. PHP, fastcgi, mod_python, etc is when things get insecure. E.g. please don't run phpmyadmin or phppgadmin on a publicly accessible website/server. Patch your Joomla, Wordpress, Drupal where possible. tl/dr: It's not the webserver software that's usually not secure, but what you run on it. _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
