[Owasp-Malaysia] The Best, Secure and lightier HTTPD

BRIAN RITCHIE esqbrianritchie at gmail.com
Tue Sep 28 05:36:44 EDT 2010


Echo Ang. The idea always comes down to configuration and applications that
are run on it. My suggestion, get your dev environment up and current and
run pentests on it. Very few people actually continuously do this. It's not
enough to do it just the first time but continuously. Have a proper test and
rollout procedure.

On Mon, Sep 27, 2010 at 10:43 PM, Mohd Syamsuri <msyamsuri at gmail.com> wrote:

> I agree with you Mr. Ang
>
>
> " It's not the webserver software that's usually not secure, but what you
> run on it "
>
> I have run several lighttpd webservers and the problem is not in
> lighttpd but in the system or CMS that runs on it.
> Joomla, Drupal or other CMSes have holes in them.
>
> Everyone has the source code and our job is to patch and keep it secure.
>
> No matter what OS you install, what type of web server you are using,
> always keep your eyes open.
>
>
>
> On Mon, Sep 27, 2010 at 2:02 PM, Ang Chin Han <ang.chin.han at gmail.com> wrote:
>
>> On Mon, Sep 27, 2010 at 12:07 PM, Muzamir Mokhtar <muzamir at pahang.gov.my>
>> wrote:
>> > Salam,
>> >
>> > I would like to know which one is the best, secured (not 100%) and
>> > light httpd?
>> > I got some of them. If any of you got other versions, please do advise me.
>> >
>> > Apache -  the origin
>> > Lighttpd - http://www.lighttpd.net/
>> > nginx - http://nginx.org/
>>
>> For what it's worth, we run a number of nginx webservers as a
>> frontend, apache for backend. Good performance for nginx.
>>
>> But more importantly for security, you need to look at what type of
>> websites you are running. I'll hazard that most mature webserver
>> software is secure for static sites, so it doesn't matter. When you
>> are running other things, e.g. PHP, fastcgi, mod_python, etc., is when
>> things get insecure. E.g. please don't run phpmyadmin or phppgadmin on
>> a publicly accessible website/server. Patch your Joomla, Wordpress,
>> Drupal where possible.
>>
>> tl/dr: It's not the webserver software that's usually not secure, but
>> what you run on it.
>> _______________________________________________
>> Owasp-Malaysia mailing list
>> Owasp-Malaysia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>> OWASP Malaysia Wiki
>> http://www.owasp.org/index.php/Malaysia
>>
>> OWASP Malaysia Wiki Facebook
>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
>
>
>
> --
> best regard
> syamsuri
> Mynux Solutions
>