It may be easier to break into someone's home-brew system, but generally it would be unlikely to happen unless you were being otherwise targetted.
Just how "home-brew" are we talking here? If there's any web-facing code that you didn't write yourself, whether commercial or open-source or whatever, that's a target for attackers that just scan everything looking for known vulnerable services.
If it is entirely custom, I'm fairly sure there are a few classes of common security errors that can be reasonably well tested for without direct human involvement. Which brings back the threat of attackers just scanning for all available targets.
Just how "home-brew" are we talking here? If there's any web-facing code that you didn't write yourself, whether commercial or open-source or whatever, that's a target for attackers that just scan everything looking for known vulnerable services.
If it is entirely custom, I'm fairly sure there are a few classes of common security errors that can be reasonably well tested for without direct human involvement. Which brings back the threat of attackers just scanning for all available targets.