> In exchange you are safe from all those: vulnerabilities in the wild => script kiddies => mass exploitation => you are hacked type of situations.
Not sure about that... You might commit some of the same mistakes that they did
Presumably you'll have fewer features. I wrote a web server (in the 90s, so forgivable?), and I only implemented GET and query string for the API data, and nothing fancy, no cache headers, no redirects, no multipart, no gzip, no content-encoding negotiation, etc. Some of the APIs it hosted were ultimately hacked (through encryption of the encrypted query string via plain DES, and the key was determined), but, so far as I know, it was not itself ever compromised.
Not impossible that your web server was 100% secure, but I doubt it because I think that I have never seen a server that didn't eventually need security patches.
I left the company and then about ten years later it was turned off. It was in C but was a pretty mature framework, not C style strings. And the code was just “validate assumption for parsing, else return error” then “parse the next few bytes else return error”. Very simple small number of parameters, explicit length limits everywhere. And it was a public AOL endpoint so widely and continually attacked by people. I was there for maybe 7 years after deploying it and nothing (known) happened in that time.
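The parsing style described in the comment above (check one assumption, consume a few bytes, otherwise return an error, with explicit length limits and no C-style strings), sketched as an added example; this is not the commenter's code. The names, the limits and the GET-with-HTTP/1.0-only request line are assumptions made for illustration.

```c
#include <string.h>

enum { MAX_PATH_LEN = 256, MAX_QUERY_LEN = 1024 };   /* assumed limits */
enum parse_err { P_OK, P_METHOD, P_PATH, P_QUERY, P_BYTE, P_VERSION };
/* Pointer plus explicit length; never treated as a NUL-terminated string. */
struct span { const unsigned char *p; size_t n; };
struct request { struct span path, query; };

/* Take bytes up to stop byte s1 or s2; reject control/non-ASCII bytes and overlong fields. */
static enum parse_err take_until(struct span *in, int s1, int s2, size_t max,
                                 struct span *out, enum parse_err too_long)
{
    size_t i = 0;
    while (i < in->n && in->p[i] != s1 && in->p[i] != s2) {
        if (in->p[i] <= 0x20 || in->p[i] >= 0x7f) return P_BYTE;
        if (++i > max) return too_long;
    }
    out->p = in->p; out->n = i;
    in->p += i; in->n -= i;
    return P_OK;
}

/* buf holds exactly one request line of len bytes (assumed format: GET, HTTP/1.0 only). */
enum parse_err parse_request(const unsigned char *buf, size_t len, struct request *req)
{
    struct span in = { buf, len };
    enum parse_err e;

    if (in.n < 4 || memcmp(in.p, "GET ", 4) != 0) return P_METHOD;
    in.p += 4; in.n -= 4;
    if (in.n == 0 || in.p[0] != '/') return P_PATH;
    e = take_until(&in, '?', ' ', MAX_PATH_LEN, &req->path, P_PATH);
    if (e != P_OK) return e;
    req->query.p = in.p; req->query.n = 0;      /* empty unless '?' follows */
    if (in.n > 0 && in.p[0] == '?') {
        in.p++; in.n--;
        e = take_until(&in, ' ', ' ', MAX_QUERY_LEN, &req->query, P_QUERY);
        if (e != P_OK) return e;
    }
    /* Nothing but the version and CRLF may remain. */
    if (in.n != 11 || memcmp(in.p, " HTTP/1.0\r\n", 11) != 0) return P_VERSION;
    return P_OK;
}

int main(void)
{
    const unsigned char line[] = "GET /api?x=1 HTTP/1.0\r\n"; /* constructed sample */
    struct request r;
    return parse_request(line, sizeof line - 1, &r) == P_OK ? 0 : 1;
}
```

Because every field is a pointer and a length, an embedded NUL byte is rejected as an invalid byte instead of silently truncating the path.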