References And Further Reading

General References

"Configure Computers for Secure Remote Administration" from CERT

http://www.cert.org/security-improvement/practices/p073.html

The Wayback Machine, 40 billion web pages archived since 1996

http://web.archive.org

HTTP status codes (as found in the HTTP RFC 2616)

http://www.w3.org/Protocols/rfc2616/rfc2616.html

Duwamish Books, Microsoft's .NET sample application

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dwamish7/html/vtoriduwamishbooks70.asp

ASP.NET 2.0 ViewState validationKey

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000007.asp

FrontPage

Microsoft FrontPage site

http://office.microsoft.com/frontpage

"How To Use URLScan with FrontPage 2000"

http://support.microsoft.com/?kbid=309394

"How To Use URLScan with FrontPage 2002"

http://support.microsoft.com/?kbid=318290

WebDAV

RFC 2518, WebDAV

ftp://ftp.isi.edu/in-notes/rfc2518.txt

mod_dav: a DAV module for Apache

http://www.webdav.org/mod_dav/

mod_dav, a WebDAV module for Apache

http://www.webdav.org/mod_dav/

"How to Disable WebDAV for IIS 5"

http://support.microsoft.com/?kbid=241520

Advisories, Bulletins, and

Vulnerabilities

"Microsoft FrontPage 98 Security Hell," by Marc Slemko, covers FP98 Server Extension on UNIX

http://www.worldgate.com/~marcs/fp/

NSFocus Security Advisory (SA2001-03), covering the FPSE VSRAD buffer overflow

http://www.nsfocus.com/english/homepage/sa01-03.htm

Microsoft Security Bulletin MS01-035, covering the FPSE VSRAD buffer overflow

http://www.microsoft.com/technet/security/bulletin/MS01-035.asp

Free Tools

Netcat for Windows

http://www.atstake.com/research/tools/nc11nt.zip

Cadaver, a command-line WebDAV client for UNIX/Linux

http://www.webdav.org/cadaver/

WebDAV client and server software implementations , listed by University of California, Irvine

http://www.ics.uci.edu/~ejw/authoring/implementation.html

Microsoft IIS Lockdown and URLScan tools

http://www.microsoft.com/