My first choice for a test server is a $10/mo LInux server on someone else's network. Won't run IIS, of course, but it turns out there's an alternative: run Asp.Net Core on Linux and serve it up with nginix. https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-3.1, If some bad actor messes it up, who cares?. Not that I'm running .Net in any form, of course. But I do have a $10/mo Linux test server for my testing (Lianja of course).

Hank

>IMO more the other way around: If you have a Box in a DeMilitarized Zone, accessing that server from both sides only via FTP is safer than having HTTPS server there as well.
>
>If you need to have HTTPS server running, yes probably minimally safer if disabled FTP(S) as there is HTTP get and set for files - dunno how much is mapped to identical OS routines in deeper OS levels.
>
>If the box is not seen from the Internet, trust your security (famous last words, I know)
>
>>I am enabling IIS on a Windows 10 computer. When adding Internet Information Services I have the branch FTP Server which consists of FTP Extensibility and FTP Service.
>>I am trying to decide if I need these on my Windows 10. I will use this PC for developing and testing ASP.NET app.
>>I read online that FTP server is used for uploading and downloading from anywhere to your computer.
>>But could this cause a security breach too?