Assessing IIS Configuration Remotely
This document will look at the relatively unsung skill of assessing the in-depth configuration of a Microsoft IIS web server remotely, showing how to “read” server responses to do this. Hopefully this paper will show how to use two seemingly disparate pieces of information to help determine an attack and therefore assess the associated risk.
Download the paper in PDF format here.