Reverse proxy pen testing

 

http://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents

The following resources may be of interest:

http://www.owasp.org/index.php/Testing_for_infrastructure_configuration_management_(OWASP-CM-003)
http://www.isecom.org/mirror/OSSTMM_3.0_LITE.pdf
http://www.modsecurity.org/documentation/Web_Application_Firewalls_-_When_Are_They_Useful.pdf
http://www.metasploit.org/data/confs/blackhat2007/tactical_paper.pdf
http://palisade.plynt.com/issues/2005May/reverse-proxy/
http://www.ists.dartmouth.edu/docs/labtest.pdf

Also, these old threads may provide you with some additional ideas:

http://seclists.org/pen-test/2007/Jan/0042.html
http://seclists.org/pen-test/2007/Jan/0044.html
http://seclists.org/pen-test/2007/Jan/0076.html
http://seclists.org/pen-test/2007/Jan/0091.html
http://seclists.org/pen-test/2005/Mar/0118.html
http://seclists.org/pen-test/2005/Mar/0119.html
http://seclists.org/pen-test/2004/Dec/0000.html
http://seclists.org/pen-test/2002/Jun/0110.html
http://seclists.org/pen-test/2002/Jun/0116.html