Answers can be found at http://mdsec.net/wahh.
- Under what circumstances does a web server display a directory listing?
- What are WebDAV methods used for, and why might they be dangerous?
- How can you exploit a web server that is configured to act as a web proxy?
- What is the Oracle PL/SQL Exclusion List, and how can it be bypassed?
- If a web server allows access to its functionality over both HTTP and HTTPS, are there any advantages to using one protocol over the other when you are probing for vulnerabilities?