Difference between revisions of "Research for SharePoint (MOSS)"
From OWASP
Dinis.cruz (talk | contribs) m (moved Research for Sharepoint to Research for SharePoint (MOSS): Better name) |
Dinis.cruz (talk | contribs) |
||
Line 21: | Line 21: | ||
** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TASSCCTEC2009_20090326.pdf Securing SharePoint (PDF Format)] - TASSCC Technology Education Conference in Austin, March 26, 2009 | ** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TASSCCTEC2009_20090326.pdf Securing SharePoint (PDF Format)] - TASSCC Technology Education Conference in Austin, March 26, 2009 | ||
** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TRISC_20090324.pdf Securing Sharepoint (PDF Format)] - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009 | ** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TRISC_20090324.pdf Securing Sharepoint (PDF Format)] - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009 | ||
+ | ** [http://sp.meetdux.com/archive/2009/07/08/a-primer-to-sharepoint-security.aspx A Primer to SharePoint Security] - video | ||
==== Other interesting resources==== | ==== Other interesting resources==== |
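Review bot: the added `** [http://sp.meetdux.com/archive/2009/07/08/a-primer-to-sharepoint-security.aspx A Primer to SharePoint Security] - video` line uses the same `**` nesting as the two denimgroup.com entries directly above it, so it will render as a sub-item of the same parent list item even though it links to sp.meetdux.com. If it does not come from the same source as those two PDFs, give it a single `*` so it sits at the top level of the list. The two neighbouring entries also name the event and date, and the new entry would be easier to assess with the same detail.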
Revision as of 17:47, 14 January 2010
This page contains research notes on Microsoft's SharePoint MOSS and WSS.
Resources
Microsoft resources
- Security Architecture for SharePoint Products and Technologies (Word Doc)
- SharePoint Community Portal
- Downloadable book: Security for Office SharePoint Server 2007 - link to 277 page Doc file
- SharePoint End User Security
Other Resources and Documentation
- SharePoint Security Concepts - contains a number of other links to more material
- SharePoint Security Best Practices - $995 Gartner report
- Microsoft Office SharePoint Server 2007 Security Model
- SharePoint Security Concerns Simply a Lack of Governance?
- Governance Key for SharePoint Implementations
Presentations
- OWASP Houston Chapter - August 12, 2009: SharePoint Auditing and Penetration Testing, presentation by Shohn Trojacek
- From Denim Group:
- Securing SharePoint (PDF Format) - TASSCC Technology Education Conference in Austin, March 26, 2009
- Securing SharePoint (PDF Format) - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009
- A Primer to SharePoint Security - video
Other interesting resources
Other Blogs and Articles
- Microsoft SharePoint: A Weak Link In Enterprise Security? - Dark Reading
Published Security issues
- {Note: Add MSRC case}
- http://milw0rm.com/exploits/8704 & http://milw0rm.com/sploits/2009-IIS-Advisory.pdf
Open Source
- From CodePlex (see more on this search for SharePoint Security)
Commercially Supported
- ARB Security Solutions (www.sharepointsecurity.com)
- AbsoluteProof for MS SharePoint - related article: Surety Releases AbsoluteProof for SharePoint
Dangerous MOSS APIs
Map the security implications of MOSS APIs, for example:
- which APIs (if badly used) are vulnerable to XSS, CSRF, SQL Injection
- configuration settings that have security implications
WebParts Security
- Security ratings & mappings of MOSS Deployed Web Parts
- Security ratings & mappings of 3rd Party Web Parts