== gkourgkoutas.net ==
IGs personal blog

1mb Club

security web development

Making the web less bloated

So recently I found a website called 1MB Club, which lists people’s websites that are less than 1MB in size. I really liked the idea of the website because I found like-minded people who love to build sites which don’t burden your bandwidth. Make sure to check out bradleytaunt’s GitHub page.

Only people who lived through ISDN and/or a bandwidth of 57KiB/s know what it feels like when you have to download a file/program which is bigger than 25MB. Or what it’s like to wait for weeks for gigabyte-sized files to be downloaded.

less is more (secure)

So static sites, or those with a small footprint in general, are a blessing when it comes to bandwidth AND security! Why security? The fewer features a site provides to the user, the smaller the attack surface becomes.

As a rule of thumb: If you don’t provide input or upload fields, a lot of attack vectors don’t work anymore. If the user is able to send requests that interact with a server backend, there is always the possibility to exploit something. Other attack vectors like directory traversal and directory listing can still work, but these can be filed under web server misconfiguration. Both are usually relatively easy to fix.
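
To illustrate the two remaining issues named above, here is an added example (not code from this blog or from any particular web server) of the check a static file server performs so that neither traversal nor directory listing works. The function name `resolve_static`, the index file name and the sample site are assumptions made for the example; it assumes POSIX-style paths.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote

INDEX_NAME = "index.html"  # assumed index file name


def resolve_static(web_root, url_path):
    """Map a request path to a file inside web_root, or None (answer 404)."""
    root = Path(web_root).resolve()
    decoded = unquote(url_path)  # decode once, so %2e%2e becomes ".."
    if "\x00" in decoded or "\\" in decoded:
        return None  # NUL bytes and backslashes never belong in a request path
    # resolve() collapses ".." segments and follows symlinks, so the
    # containment check below sees the real location on disk.
    candidate = (root / decoded.lstrip("/")).resolve()
    if candidate.is_dir():
        # Never generate a listing: a directory is served only via its index.
        candidate = (candidate / INDEX_NAME).resolve()
    if root not in candidate.parents:
        return None  # resolved outside the web root: traversal attempt
    return candidate if candidate.is_file() else None


def demo():
    """Constructed sample site: one page, one directory without an index."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "site")
        (root / "img").mkdir(parents=True)
        (root / INDEX_NAME).write_text("<h1>hi</h1>")
        Path(tmp, "secret.txt").write_text("outside the web root")
        requests = [
            "/",                      # served through index.html
            "/img/",                  # no index file, so nothing is listed
            "/../secret.txt",         # plain traversal
            "/%2e%2e/secret.txt",     # percent-encoded traversal
            "/img/../../secret.txt",  # traversal through a real directory
        ]
        return {r: resolve_static(root, r) is not None for r in requests}


if __name__ == "__main__":
    for request, served in demo().items():
        print(f"{request:24} -> {'200' if served else '404'}")
```
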