I built a high-performance web server in C that prioritizes security from the ground up. Key features:

- XSS protection and SQL injection prevention built into the core
- Rate limiting with IP tracking and automatic blocking
- Comprehensive security headers (CSP, HSTS, CORS)
- Multi-threaded architecture with connection pooling
- Zero-copy file serving for performance
- 100% test coverage with integration tests
- Pure C99, no external dependencies beyond POSIX

The goal was to create a web server that's secure by default and easy to audit (under 2000 lines of C). All security features are enabled out of the box with sensible defaults.

GitHub: https://github.com/erson/misewe

I am looking for feedback, especially on the security implementation and test coverage. The code is MIT-licensed.