• Home
• Topics
• Software Security Testing and Quality Assurance
• Internet Application Security
• Are there security concerns when porting from IIS to Apache?

Are there security concerns when porting from IIS to Apache?

Requires Free Membership to View

Login



When you register, you'll receive targeted emails designed to keep you informed of the most relevant information on Agile development, application security, testing & QA, software requirements, and more.

Hannah Smalltree, Editorial Director

• E-mail Address: 

By submitting your registration information to SearchSoftwareQuality.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSoftwareQuality.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

There is one thing that stands out to me when testing Apache-based applications though. It's that accompanying software such as OpenSSL, PHP, MySQL and so on, are often out of date. This speaks more to a system patching and change management problem within the organization than it does to the security of the platform itself. However, it's a problem nonetheless which can create pretty big issues if it's not managed properly.

Case in point, in my Web security assessments I often come across the OpenSSL ASN.1 vulnerability on Apache systems which dates back to 2003. I often get push back from developers regarding the relevance of this flaw. However, the source code to exploit this flaw is readily-accessible on the Internet that anyone can download, compile and run to bring your Apache-based systems down. Numerous other similar vulnerabilities exist as well. The bottom line: Apache is as good as the administrators and developers who configure and maintain the system.

Dig Deeper

This was first published in July 2010

More from Related TechTarget Sites

• SOA
• Java
• Windows Development
• Oracle
• Cloud computing
• Business Analytics

• SOA

  • App integration advisory: Use ESBs for message routing, translation

    Middleware experts advise that an ESB can help a SOA, but it can be harmful if used in the wrong cases.

  • How will mainframes fare in the face of mobile and Web?

    Heard at IBM Impact: Mainframes mean high-integrity transactions. How does this jibe with mobile apps using ''eventually consistent'' transactions?

  • Is REST remaking SOA? Gateways add features

    Lightweight REST-based SOA is beginning to exist aside established enterprise SOA. Crosscheck’s Mamoon Yunus discusses the trend.

• Java

  • Scaling up and scaling out to meet new business demands

    Scaling up and scaling out are two ways for growing businesses to increase productivity, but doing so blindly may be more costly than it's worth.

  • On-demand computing models support Web application scalability

    The on-demand nature of cloud computing has put scalable Web applications within easy reach for businesses of all sizes.

  • Automate Web server load balancing for high scalability

    Automating Web server load balancing tasks provides high scalability for enterprise applications.

• Windows Development

  • Where can I find Visual Basic 6.0 DataEnvironment code samples?

    Get information on the best places to find Visual Basic DataEnvironment 6.0 code samples.

  • Testing methods in Visual Studio 2010

    This is the second part in a two part series on unit testing in Visual Studio 2010.

  • Unit testing in Visual Studio 2010

    Visual Studio 2010 contains a unit testing framework, and I’ll show you how to use it to automate your own unit tests.

• Oracle

  • Midmarket companies find JD Edwards upgrades a good fit

    At some point, your JD Edwards shop will have to decide whether to switch to a different product, upgrade or stay where you are. Learn what two other organizations did when working through JD Edwards upgrades.

  • Jury issues partial verdict in Oracle vs. Google Java lawsuit

    The jury has issued a partial verdict in the copyright phase of the Oracle vs. Google lawsuit, in which Oracle is claiming that Google violated Java patents and copyright with its Android mobile operating system.

  • Support of Oracle customizations

    Sebastian Grady, president of Oracle third-party support firm Rimini Street, explains how Oracle does not support Oracle software customizations.

• Cloud computing

  • Azure’s identity crisis and other cloud computing sound bites

    Microsoft Azure wants to be called Loretta. No, that’s not true. Or is it? Find out that answer and other news overheard in the cloud this past week.

  • Is PaaS just another four-letter word in cloud computing?

    PaaS is a quick fix for companies looking to deploy new apps, but established firms with legacy apps may consider it a dirty word.

  • PaaS selection starts at the programming language

    The PaaS market is growing without a single leader or approach. Picking a model should involve more than just saying, ‘Eeney, meeney, miney, moe.’

• Business Analytics

  • On the go the way to go? Answer lies with building mobile BI business case

    According to a recent Gartner survey, mobile technology is the second most important priority for CIOs in 2012, but building the business case is easier said than done.

  • Basic vs. complex: Companies walk the line on analytics best practices

    Businesses looking to build effective business intelligence and analytics programs have to toe the line between focusing on the basics and using new technology to build more complex BI systems.

  • Real estate company refines, expands geographic information system

    Marcus & Millichap shakes off its archaic data cleansing and analytics system for more automated processes, enabling the firm to explore its data on a more granular level.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map