Re: Rif: Comparison of Web Servers

[jdog1016 <jdog1016 () hotpop com>]

Yes, IIS is certainly harder to keep up with, because there are a lot 
more serious flaws found in it than Apache, and IIS is probably 
potentially insecure, because there is a pretty good chance that there 
is still serious holes in it.

Remo.Cornali () rcs it wrote:

>  
>
> > comparing web servers from a security perspective?
> >    
>
> A well-patched Apache is as secure as you can get.
> A well-patched IIS is also as secure as you can get.
> Miss just one patch, and your webserver, whatever it is, is unsecure.
>
> There is no such thing as a slightly unsecure webserver,
> anymore than there is a being like a slightly pregnant woman.
> You may, however, want to consider a webserver's MTBSP
> (Mean Time Between Security Patches).   ;-))
> Keeping up with IIS is a lot more work.
>
> Ciao!
>      Remo Cornali
>  


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------