- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
SANS InfoSec Reading Room - Web Servers
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 20 papers as of Aug 29, 2008
- A Reverse Proxy Is A Proxy By Any Other Name
- Art Stricek
- January 18, 2007
- - download paper
- Secure Session Management: Preventing Security Voids in Web Applications
- Luke Murphey
- May 5, 2005
- - download paper
- Securing an IIS Web Server Using Novell’s iChain
- Jeff Hermans
- May 5, 2005
- - download paper
- A Guide to Discovering Web Application Insecurities, Before Attackers Do
- Don Williams
- March 9, 2005
- - download paper
- Authentication and Session Management on the Web
- Paul Johnston
- January 28, 2005
- - download paper
- Domino Web Server
- Karen Zwolski
- May 2, 2004
- - download paper
- Web Authentication Security
- Donna Selman
- November 6, 2003
- - download paper
- Security Elements of IIS 6.0
- Anthony DeVoto
- November 5, 2003
- - download paper
- Security Strengths and Weaknesses of Two Popular Web Servers
- Brad Bell
- October 31, 2003
- - download paper
- Securing Microsoft's Internet Information Server 5.0
- Ben White
- October 31, 2003
- - download paper
- Proactively Guarding Against Unknown Web Server Attacks
- William Geiger
- October 31, 2003
- - download paper
- Understanding IIS Vulnerabilities - Fix Them!
- Nor Azuwa Pahri
- October 31, 2003
- - download paper
- Securing a Windows 2000 IIS Web Server - Lessons Learned
- Harpal Parmar
- October 31, 2003
- - download paper
- Using Open Source Software to Proxy, Authenticate, and Monitor User Web Habits
- Jason D. Gregg
- October 31, 2003
- - download paper
- Securing Microsoft Web Applications - A Guide for Systems Administrators
- Matt Pogue
- October 31, 2003
- - download paper
- Web Application Security, with a Focus on ColdFusion
- Joseph Higgins
- October 31, 2003
- - download paper
- Securing e-Commerce Web Sites
- Ariel Pisetsky
- October 31, 2003
- - download paper
- Basic IIS 5.0 Default Web Server Security
- Terri Carroll
- October 31, 2003
- - download paper
- Securing IIS within an Outook Web Access 2000 environment
- Dave Munger
- October 31, 2003
- - download paper
- Using Microsoft's IISlockdown Tool to Protect Your IIS Web Server
- Jeff Wichman
- October 31, 2003
- - download paper
Check Them Out!
This is hands-down, the premiere training opportunity.
- Dan Mather, JICPAC
