HTTP is a ubiquitous and (frequently) an easily compromised service. Through regular auditing, many of the risks of operating web servers can be minimized. This presentation will cover a number of topics, such as common problems on web servers and running well-known tools against HTTPS servers. Other areas include: a cursory introduction to PKI, weaknesses of SSL-enabled web servers, IDS evasion and Microsoft, the impact of the web server compromise (and how to take it further), common application level weaknesses and future problems around the use of web servers, and the Internet as an information medium.