Jason Coombs has released a free ebook, "IIS Security and Programming Countermeasures," that is designed to help administrators and programmers better secure their Microsoft Internet Information Services (IIS) servers.
The book is written in 16 chapters that cover threats to Web server security, IIS information services, server farms, Windows platform architecture, ASP.NET architecture, secure scripting, TCP/IP vulnerabilities, transaction-processing security, safety assurance for program code, ISAPI hardening, authentication, Trojan horses and root kits, certificates and encryption, publishing points, and baseline security proofs.
Coombs said, "[The] book shows [you] how to harden IIS and its hosted Web applications and services against attacks so that all known, and hopefully all possible, black hat exploits can be prevented with solid data security technology, secure Web application code, application-specific threat countermeasures, and a security policy appropriate to the level of protection required for each [server]."
"IIS Security and Programming Countermeasures" is available in basic text files that include screenshots. You can download a copy in zip format at the forensics.org Web site.