views:

76

answers:

3

I'm creating a web applications with Yaws. In the past I've worked with tomcat and IIS. Do web servers typically suffer from the same types of vulnerabilities? Do good web security practices generally apply across the board or are most vulnerabilities inherent to the web application themselves?

A: 

No, yes, some are -- some are not.

Stu
+1  A: 

Some vulnerabilities are specific to the web server some are not.

For example a Denial Of Service Attack, would cause a similar problem for any web server.

But that IIS 4 (NT 4) ran the IIS process under the system account allowing an attacker that gained access to the web server to take control of the machine, was a weakness specific to IIS 4.

Shiraz Bhaiji
+1  A: 

Others like Cross-Site Scripting and SQL injection are pretty much caused/fixed by the application.

Ken Lange