I categorize them in 3 buckets
1) Web server Configurations
2) Database Configurations
3) Application Level Configurations
Database Configurations
- Installation Considerations for Production Servers
- Patches and Updates
- Protocols Accounts
- Shares
- Ports
- Auditing and Logging
- Files and Directories
- Services
- Registry
- SQL Server Database Objects
- SQL Server Security
- SQL Server Users
- SQL Server Logins
- SQL Server Roles
Web Server Configurations
- IIS Lockdown
- Patches and Updates
- Services
- Accounts
- Protocols
- Files and Directories
- Ports
- Shares
- Registry
- Sites and Virtual Directories
- Auditing and Logging
- Script Mappings
- IIS Metabase
- ISAPI Filters
- Server Certificates
- Code Access Security
- Machine.config
- Other Check Points
Application Level Configurations
- Web Server
- IIS Specific
- SQL Server Specific
- Source Code
- Auditing and Logging
- ASP.Net 2.0 Specific Issues
