[Owasp-Malaysia] The Best, Secure and lightier HTTPD

Rahezar Rahmat rahezar at gmail.com
Mon Sep 27 02:28:36 EDT 2010


I'm agree with you, but still please  keep up-to-date and aware with the latest security issue rely on the webserver itself, for example

Litespeed
http://www.exploit-db.com/exploits/13850/

Nginx
http://www.exploit-db.com/exploits/14830
http://www.exploit-db.com/exploits/13822

Apache Tomcat
http://www.exploit-db.com/exploits/14489

G0t p4tch?
Sent by AT&T from my BlackBerry® Smartphone

-----Original Message-----
From: Ang Chin Han <ang.chin.han at gmail.com>
Sender: owasp-malaysia-bounces at lists.owasp.org
Date: Mon, 27 Sep 2010 14:02:52 
To: Open Web Application Security Project (OWASP) Malaysia Local Chapter<owasp-malaysia at lists.owasp.org>
Reply-To: "Open Web Application Security Project \(OWASP\) Malaysia Local
	Chapter" <owasp-malaysia at lists.owasp.org>
Subject: Re: [Owasp-Malaysia] The Best, Secure and lightier HTTPD

On Mon, Sep 27, 2010 at 12:07 PM, Muzamir Mokhtar <muzamir at pahang.gov.my> wrote:
> Salam,
>
> I would like to know which one is the best, secured (not 100%) and
> light httpd?
> I got some of them. If any of you got others version please do advice me.
>
> Apache -  the origin
> Lighthttpd - http://www.lighttpd.net/
> nginx - http://nginx.org/

For what it's worth, we run a number of nginx webservers as a
frontend, apache for backend. Good performance for nginx.

But  more importantly for security, you need to look at what type of
websites you are running. I'll hazard that most mature webserver
software is secure for static sites, so it doesn't matter. When you
have running other things, e.g. PHP, fastcgi, mod_python, etc is when
things get insecure. E.g. please don't run phpmyadmin or phppgadmin on
a publicly accessible website/server. Patch your Joomla, Wordpress,
Drupal where possible.

tl/dr: It's not the webserver software that's usually not secure, but
what you run on it.
_______________________________________________
Owasp-Malaysia mailing list
Owasp-Malaysia at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-malaysia

OWASP Malaysia Wiki
http://www.owasp.org/index.php/Malaysia

OWASP Malaysia Wiki Facebook
http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420


More information about the Owasp-Malaysia mailing list