Home
Topics
Software Security Testing and Quality Assurance
Internet Application Security
Are there security concerns when porting from IIS to Apache?

Ask the Expert

Are there security concerns when porting from IIS to Apache?

My software development team is considering porting a critical application from IIS to the Apache platform. Are there any big problems with this which could hamper our overall security?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Based on what I see in my security assessments, Apache has its general problems like IIS, but nothing of major concern if it's managed properly.

There is one thing that stands out to me when testing Apache-based applications though. It's that accompanying software such as OpenSSL, PHP, MySQL and so on, are often out of date. This speaks more to a system patching and change management problem within the organization than it does to the security of the platform itself. However, it's a problem nonetheless which can create pretty big issues if it's not managed properly.

Case in point, in my Web security assessments I often come across the OpenSSL ASN.1 vulnerability on Apache systems which dates back to 2003. I often get push back from developers regarding the relevance of this flaw. However, the source code to exploit this flaw is readily-accessible on the Internet that anyone can download, compile and run to bring your Apache-based systems down. Numerous other similar vulnerabilities exist as well. The bottom line: Apache is as good as the administrators and developers who configure and maintain the system.

More News and Tutorials

Articles

This was first published in July 2010

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

SOA
Java
Windows Development
Oracle
Cloud computing
Business Analytics

SOA
- XML appliances' evolving role in messaging protocol
  
  XML appliances have evolved. Jason Bloomberg, president of ZapThink, a Dovel Technologies company, gives an overview of the technology in this Q&A.
- API management, servers enable mobile, Web gift services strategy
  
  By exposing a network through application programming interfaces, Blackhawk Network is making the change from physical to digital cards.
- Move to mobile backend-as-a-service fast-paced, but could be rocky
  
  Adoption of cloud MBaaS is taking hold, but there are dangers of moving to the technology too fast.
Java
- Will the Red Hat model work for IaaS cloud computing with OpenStack?
  
  The Red Hat transition is to move their successful model to IaaS through OpenStack and cloud computing. But will this new move from the JBoss company work as well as RHEL did a decade ago?
- How Red Hat's Linux and OpenStack IaaS drives Intel's bottom line
  
  While a major protectorate of intellectual property, Red Hat Linux and OpenStack IaaS offerings provide the bonus of driving innovation, which leads to more chips being purchased, driving revenue at Intel's bottom line.
- Embracing OpenStack: How Red Hat commoditized open source cloud computing
  
  By leveraging OpenStack, Red Hat plans to commoditized cloud computing, just like they commoditized open source Linux ten years ago.
Windows Development
- Pay-as-you-go Windows Azure BizTalk services changes EAI and EDI
  
  Learn about the pay-as-you-go Windows Azure BizTalk Services that was released at TechEd 2013.
- Native versus JavaScript/HTML5 development for Window 8 apps
  
  Learn the advantages and disadvantages in using HTML5/JavaScript for deployment.
- Technology Priorities for 2012
  
  Each year TechTarget surveys thousands of IT professionals around the world on their company’s forecasts for the coming year. As IT budgets continue through the strain of trying to align themselves with businesses trying to recover from the global recession, the direction of IT’s newest technologies may surprise you.
Oracle
- The future of Dell Toad: Oracle DBAs can use BI, Exadata features
  
  Dell Toad is pushing itself into business intelligence and now has an edition to support Oracle's big Exadata appliance.
- Unlock the potential of the Oracle Exadata architecture
  
  Despite being almost five years old now, many implementations haven't realized all of the Oracle Exadata architecture benefits.
- The state of Dell Toad: Oracle DBAs and how they can still benefit
  
  Since Dell acquired Quest Software, maker of the Toad tool for Oracle databases and applications, some questions have arisen about what would happen.
Cloud computing
- IBM, Salesforce deals usher in cloud consolidation era
  
  IBM's SoftLayer buy is getting mixed reviews from IT pros, but everyone agrees that it's an example of the consolidation phase of the cloud bubble.
- U.S. defense agencies' cloud transition yields better intelligence
  
  A cloud migration seems daunting but the effort is worthwhile; U.S. defense agencies say their cloud move led to better military intelligence.
- Simple tricks to lower your AWS cloud costs
  
  There are a number of ways to lower AWS costs and improve the Amazon cloud experience. Here are a few cost-cutting tips any AWS cloud shop can use.
Business Analytics
- Member Exclusive Downloads
  
  Member Exclusive Downloads from SearchBusinessAnalytics
- In-memory applications take on big data analytics challenge
  
  In-memory tools and big data can be a potent analytics mix. But before you put them together, read advice from experienced users and consultants.
- Texas utility deploys operational intelligence, improves 'on-boarding'
  
  TXU Energy applied Vitria operational intelligence software to gain a better customer view. Careful processes selection ensured quick performance.

All Rights Reserved,Copyright 2006 - 2013, TechTarget