IIS 5.0 Security Checklist at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/chklist/iis5chk.asp .
Security Tools and Checklists at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp .
Windows 2000 Common Criteria Guide (see Chapter 4) at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/issues/W2kCCSCG/default.asp .
The Windows 2000 Common Criteria Security Target (ST) provides a set of security requirements taken from the Common Criteria (CC) for Information Technology Security Evaluation. The Windows 2000 product was evaluated against the Windows 2000 ST and satisfies the ST requirements.
This document is written for those who are responsible for ensuring that the installation and configuration process results in a secure configuration. A secure configuration is one that enforces the requirements presented in the Windows 2000 ST, referred to as the Evaluated Configuration.
Reference hub from Building Secure ASP.NET Applications at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP03.asp?frame=true .
CERT Security Improvement Modules at http://www.cert.org/security-improvement/skip.html .
SANs TOP 20 List at http://www.sans.org/top20/ .
CERT (Computer Emergency Response Team) at http://www.cert.org .
http://www.w3.org/Security/faq/www-security-faq.html .