What are the major vulnerabilities of Redhat + Apache? [closed] - security

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I am searching for a host for a new commercial website. Among other things, I'd like to know what the various OS - Webserver combinations have in terms of vulnerabilities. What are the vulnerabilities of Redhat + Apache?

See: http://httpd.apache.org/security/vulnerabilities_20.html

Poor system admins are the biggest in my experience.

The biggest risk to any web application server is vulnerabilities in the web application itself. Linux, Apache, MySQL and PHP (LAMP) is a very secure platform. RedHat's Fedora core is very secure because it uses SELinux; this is something that does not exist for Windows. However, vulnerabilities such as SQL Injection and XSS can still result in your server getting hacked.

It's kind of a difficult question to answer; the development life cycles are so active you're asking for something that's likely to have been solved already (and if it's been reported so that we know of it, the likelihood it's fixed is really high).
What you need is a 0-day hack for them, and asking this list really won't get you those.

Any system is only as strong as its weakest link. Invariably that will not be the OS or the server software, it will be the end application you develop or install.

As suggested here, I could check out the CERT Database.

Related

A lightweight Linux version for web development? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I am fairly familiar with Ubuntu and I have used it a lot in the past for programming purposes, but right now I would like to try something different. Instead of doing a dual boot on my computer, I am going to do my PHP development in a Virtual Machine, probably using VMware or whatever.
The problem is, that with only 4GB of RAM, it seems like recent versions of Ubuntu are a bit too heavy to run really smoothly on this computer. So instead, I am searching for a Linux system that can easily run with only 1/2 or 1 GB of RAM assigned to it.
What would you suggest for this?
I'm not really sure if it makes a difference, but here's a list of the things I'll really need to be using in it:
apache2
php5
php5-memcache
php5-sqlite
memcached
postgresql
php5-pgsql
phppgadmin
I understand that this is not really the typical kind of question you find on stackoverflow, but I'm very certain that it may be useful to somebody someday.
Take a look at Vagrant. It will share your current directory with the guest. So you use your native editing tools and your native browser to test things. That way the VM stays small with no GUI.
I recommend Puppy Linux if you're looking for a lighter Linux distribution.
http://puppylinux.org/wikka/MinimumSystemRequirements
http://puppylinux.org/main/Overview%20and%20Getting%20Started.htm

Is G-Wan web server already dead? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
We have been using this server for almost a year now.
Last forum post seen in November, 2011.
Last server version released 28/03/12.
Just wondering if anyone knows what's happening inside the company?
Should we expect something or should we start looking for alternatives?
I did what you did not do: using email to ask the question to the people able to answer.
And they replied that:
the forum was closed because they could not cope with the amount of accounts created daily to publish junk
the next version will be the most important ever made for G-Wan, with new features like a caching reverse proxy and an elastic load-balancer as well as system replacements like a wait-free memory allocator.
With regard to such developments, a 3-month period without publishing releases sounds reasonable.
More reasonable than assuming that such an 'inactivity period' means that "the project is dead".
Would you say that for other Web servers like Apache which have much larger release cycles?
You should always be expecting something from G-WAN. It's a great piece of software. Here's the other thing too: G-WAN was expertly engineered. That doesn't mean that there are no bugs in it, or that features can't be implemented, but G-WAN is incredibly tight.
It has lean code, it does what it is supposed to do, very well, and it is built for the developer to add in the functionality that hasn't been put in there yet.
That's the beauty of it, or one facet of the beauty.

Can operating system vulnerabilities affect database security? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
Let's say an operating system is installed on a computer and a DBMS is installed on the same computer. Suppose that the operating system has a security vulnerability. Is there a possibility that the security vulnerability of the OS causes a security vulnerability of the DBMS?
Thanks.
Absolutely. If a user can exploit an OS bug to get root access, they can do anything they want. Steal your database, mess around with things, etc...
That's why it's important to always get the latest security updates for your servers. Also, it's common practice to keep servers in a de-militarized zone, behind firewalls. Only the ports that need to be open should be open.

Hacking: how do I find security holes in my own web application? Did I do a good job securing it? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 9 years ago.
Let's say I just finished (it never is, right?) writing a web application. I did my best applying what I know to prevent any security issues.
But how do I find out if what I wrote is actually secure?
Are there any (free?) tools available?
Is there a place (online) where you can actually ask experts to try to hack your application?
Your question is better suited to security.stackexchange.com
There is one already answered by many:
https://security.stackexchange.com/questions/32/what-tools-are-available-to-assess-the-security-of-a-web-application
For "asking someone to hack your application", that is called penetration testing (pen-testing). I doubt if there's any free service around. Just Google and pick your service provider.
If you are on Linux then you can use Nikto, a very good tool to find every minute hole in your website.
Just do
sudo apt-get install nikto
in your terminal.
OWASP has a Testing Guide that you can use to test your web application. Most tests also have a list of suitable tools for manual or automatic testing.
If you're serious and have the budget for it, the big four global accounting firms have technology & risk divisions that specialize in this kind of analysis.
Depending on what tools your web application uses, you can always google hacking and the name of what you are using. If, for example, you are using PHP,
google hacking php.
Same with mysql etc.
Check if your code allows for php/mysql injections (for example).
Web applications are never really secure. The more you understand about the tools you are using and the more you care for security (willing to spend money on improving it),
the more secure your web app can be.
But it also might not be worth the struggle.
Just google common security issues (with the tools you are using) and try to avoid them.

Which hosting provider supports Haskell? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I have a hosting account with GoDaddy, but it does not support Haskell.
I recommend Amazon Web Services, $15/month for a micro instance for testing/devel, and the costs go up from there depending on your needs. For the love of all that is good and wonderful in this universe, however, do not use GoDaddy for anything but SSL certificates and domain names. This just seems like an absolutely horrible idea. They're just not the kinda people you want to work with on things like that.
As alternative VPS providers go, there are Slicehost, Linode, Rackspace Cloud, and I'm sure some others too. In my experience with Rackspace Cloud, Slicehost, and AWS, AWS has been best by far.
NearlyFreeSpeech is a web hosting provider that supports Haskell as CGI language (list of languages supported).
I'm hosting my personal webpage with them, although I don't have experience with the CGI part, because my site is entirely static.
GHC compiles Haskell code to a UNIX executable, so anything that can run an arbitrary executable file and has some kind of front-facing server (e.g. nginx with mod_proxy) capable of proxying to your Haskell process is all you need.
If you are planning anything serious that is a little non-standard, get a VPS somewhere. It's ~350$/year and you have a little virtual machine on which you are alone and you are root.
