Securing IIS Websites

by Jeremy Morgan

In this course, you'll learn how to lock down your IIS server. You'll discover various methods of attack, how they work and how to prevent them. You'll learn how to monitor your server to prevent future attacks.

Preview this course

What you'll learn

In this course, Securing IIS Websites, you'll gain the ability to secure your IIS Webservers and prevent attacks. First, you'll explore how to reduce your attack surface to avoid attracting attackers to your site. Next, you'll discover how to lock down IIS to prevent attacks from being successful. Finally, you'll learn how to monitor your server to identify or prevent attacks from happening. When you’re finished with this course, you’ll have the skills and knowledge of IIS Security needed to keep your websites safe.

Course Overview

1min

Course Overview 1m

Securing Windows Systems

29mins

Reducing IIS Vulnerabilities

38mins

Introduction 1m
IIS Attack Surface 3m
Reducing Exposed Information 5m
IIS Vulnerabilities 6m
Removing Unneeded IIS Modules 4m
Locking Down Error Pages 4m
IP Address Restrictions 6m
HTTP Request Filtering 8m
Summary 1m

Leveraging SSL and TLS on Your IIS Server

24mins

Introduction 1m
SSL Basics 5m
Cipher Suites 4m
Disabling TLS/SSL 3m
Installing SSL Certificates 5m
HTTP/2 and HTTP/3 5m
Conclusion 1m

Familiarizing Yourself with Exploits

19mins

Introduction 0m
Buffer Overflow 4m
CRLF Injection 3m
Phishing 1m
Cross Site Scripting 2m
SQL Injection 4m
Man in the Middle (MITM) Attacks 2m
Brute Force / Dictionary Attacks 2m
Summary 1m

Securing Your Applications

31mins

Introduction 1m
Managing Accounts 7m
Cross-Origin Resource Sharing (CORS) 4m
Securing Application Pools 4m
File and Folder Security 4m
Handling Mappings 5m
Authentication Methods 6m
Summary 0m

Monitoring Your Server

25mins

Introduction 1m
Reviewing Access Logs 5m
Event Tracing For Windows 3m
Windows Event Viewer 2m
Using Log Parser 5m
Health and Diagnostics 4m
Creating a Security Monitoring Plan 4m
Summary 1m

About the author

Jeremy Morgan

Jeremy Morgan is on a mission to help developers get better at what they do. He's a Senior Developer Evangelist for Pluralsight, and an avid tech blogger and speaker. He has two decades of experience as an engineer building software for everything from Fortune 100 companies to tiny startups. He stays immersed in the .NET/Azure world while always keeping one foot in the Linux ecosystem building Python and Go applications. He's primarily focused on backend API development and cloud infrastructur... more

See more courses by Jeremy Morgan

Ready to upskill? Get started

Contact Sales

Securing IIS Websites

What you'll learn

Table of contents

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Contact Sales

Securing IIS Websites

What you'll learn

Table of contents

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Ready to skill up
your entire team?

Ready to skill up
your entire team?