Difference between revisions of "Research for SharePoint (MOSS)"
From OWASP
Dinis.cruz (talk | contribs) |
Dinis.cruz (talk | contribs) |
Line 3: | Line 3: | ||
== Resources== | == Resources== | ||
− | === Microsoft resources=== | + | ==== Microsoft resources==== |
* [http://office.microsoft.com/download/afile.aspx?AssetID=AM102437421033 Security Architecture for SharePoint Products and Technologies] (Word Doc) | * [http://office.microsoft.com/download/afile.aspx?AssetID=AM102437421033 Security Architecture for SharePoint Products and Technologies] (Word Doc) | ||
* [http://sharepoint.microsoft.com SharePoint Community Portal] | * [http://sharepoint.microsoft.com SharePoint Community Portal] | ||
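Review bot: The new "==== Microsoft resources====" heading sits directly under the level-2 "== Resources==" heading, so the section now jumps from level 2 to level 4 with no level-3 parent. MediaWiki builds the table of contents from heading depth, and the later "=== SharePoint related vulnerabilities and its status ===" heading stays at level 3, so the page ends up with inconsistent nesting. Either keep "===" for the Resources subsections or add a level-3 grouping heading above them.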
Line 9: | Line 9: | ||
* [http://blogs.msdn.com/arpans/archive/2008/05/09/sharepoint-end-user-security.aspx SharePoint End User Security] | * [http://blogs.msdn.com/arpans/archive/2008/05/09/sharepoint-end-user-security.aspx SharePoint End User Security] | ||
− | === Other Resources and Documentation=== | + | ==== Other Resources and Documentation==== |
* [http://www.finalcandidate.com/en/tandp/Pages/SharePointSecurityConcepts.aspx SharePoint Security Concepts] - contains a number of other links to more material | * [http://www.finalcandidate.com/en/tandp/Pages/SharePointSecurityConcepts.aspx SharePoint Security Concepts] - contains a number of other links to more material | ||
* [http://blogs.gartner.com/neil_macdonald/2009/02/25/sharepoint-security-best-practices/ SharePoint Security Best Practices] - $995 Gartner report | * [http://blogs.gartner.com/neil_macdonald/2009/02/25/sharepoint-security-best-practices/ SharePoint Security Best Practices] - $995 Gartner report | ||
Line 16: | Line 16: | ||
* [http://www.cmswire.com/cms/enterprise-cms/governance-key-for-sharepoint-implementations-003123.php Governance Key for SharePoint Implementations] | * [http://www.cmswire.com/cms/enterprise-cms/governance-key-for-sharepoint-implementations-003123.php Governance Key for SharePoint Implementations] | ||
− | === Presentations === | + | ==== Presentations ==== |
* OWASP Houston Chapter - August 12, 2009 : [http://owasp.icrew.org/downloads/OWASP_ShohnTrojacek.pdf SharePoint Auditing and Penetration Testing] Presentation by: Shohn Trojacek | * OWASP Houston Chapter - August 12, 2009 : [http://owasp.icrew.org/downloads/OWASP_ShohnTrojacek.pdf SharePoint Auditing and Penetration Testing] Presentation by: Shohn Trojacek | ||
* from Denim group: | * from Denim group: | ||
Line 22: | Line 22: | ||
** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TRISC_20090324.pdf Securing Sharepoint (PDF Format)] - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009 | ** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TRISC_20090324.pdf Securing Sharepoint (PDF Format)] - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009 | ||
− | === Other interesting resources=== | + | ==== Other interesting resources==== |
* [http://www.indeed.com.au/jobs?q=Moss+Security&l= MOSS Security jobs (in Australia)] | * [http://www.indeed.com.au/jobs?q=Moss+Security&l= MOSS Security jobs (in Australia)] | ||
* [http://www.cmswire.com/news/topic/sharepoint Articles on CMSWire about SharePoint] | * [http://www.cmswire.com/news/topic/sharepoint Articles on CMSWire about SharePoint] | ||
− | + | ==== Other Blogs and Articles ==== | |
− | === Other Blogs and Articles === | ||
* [http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212903345 Microsoft SharePoint: A Weak Link In Enterprise Security?] - Dark Reading | * [http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212903345 Microsoft SharePoint: A Weak Link In Enterprise Security?] - Dark Reading | ||
− | === Security related technical articles === | + | ==== Security related technical articles ==== |
* [http://www.sharepointsecurity.com/sharepoint/sharepoint-security/how-to-programmatically-disable-code-access-security/ How to Programmatically Disable Code Access Security] | * [http://www.sharepointsecurity.com/sharepoint/sharepoint-security/how-to-programmatically-disable-code-access-security/ How to Programmatically Disable Code Access Security] | ||
+ | |||
== Published Security issues == | == Published Security issues == | ||
=== SharePoint related vulnerabilities and its status === | === SharePoint related vulnerabilities and its status === | ||
+ | * {Note: Add MSRC case} | ||
* http://milw0rm.com/exploits/8704 & http://milw0rm.com/sploits/2009-IIS-Advisory.pdf | * http://milw0rm.com/exploits/8704 & http://milw0rm.com/sploits/2009-IIS-Advisory.pdf | ||
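Review bot: The added list item "* {Note: Add MSRC case}" under "SharePoint related vulnerabilities and its status" is an editor's to-do that will render as a bullet in the published list of issues. Move it to the talk page or wrap it in an HTML comment (<!-- ... -->) until the MSRC case reference is available, so readers do not mistake it for an entry.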
Revision as of 12:08, 4 January 2010
This page contains research notes on Microsoft's SharePoint MOSS and WSS.
Resources
Microsoft resources
- Security Architecture for SharePoint Products and Technologies (Word Doc)
- SharePoint Community Portal
- Downloadable book: Security for Office SharePoint Server 2007 - link to 277 page Doc file
- SharePoint End User Security
Other Resources and Documentation
- SharePoint Security Concepts - contains a number of other links to more material
- SharePoint Security Best Practices - $995 Gartner report
- Microsoft Office SharePoint Server 2007 Security Model
- SharePoint Security Concerns Simply a Lack of Governance?
- Governance Key for SharePoint Implementations
Presentations
- OWASP Houston Chapter - August 12, 2009 : SharePoint Auditing and Penetration Testing Presentation by: Shohn Trojacek
- From Denim Group:
  - Securing SharePoint (PDF Format) - TASSCC Technology Education Conference in Austin, March 26, 2009
  - Securing Sharepoint (PDF Format) - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009
Other interesting resources
Other Blogs and Articles
- Microsoft SharePoint: A Weak Link In Enterprise Security? - Dark Reading
Published Security issues
- {Note: Add MSRC case}
- http://milw0rm.com/exploits/8704 & http://milw0rm.com/sploits/2009-IIS-Advisory.pdf
Open Source
- From CodePlex (see more on this search for SharePoint Security