Research for SharePoint (MOSS)

This page contains research notes on Microsoft's SharePoint MOSS and WSS.

Microsoft resources

 * Security Architecture for SharePoint Products and Technologies (Word Doc)
 * SharePoint Community Portal
 * Downloadable book: Security for Office SharePoint Server 2007 - link to 277 page Doc file
 * SharePoint End User Security

Other Resources and Documentation

 * SharePoint Security Concepts - contains a number of other links to more material
 * SharePoint Security Best Practices - $995 Gartner report
 * Microsoft Office SharePoint Server 2007 Security Model
 * SharePoint Security Concerns Simply a Lack of Governance?
 * Governance Key for SharePoint Implementations

Presentations

 * OWASP Houston Chapter - August 12, 2009: SharePoint Auditing and Penetration Testing, presentation by Shohn Trojacek
 * From Denim Group:
 * Securing SharePoint (PDF Format) - TASSCC Technology Education Conference in Austin, March 26, 2009
 * Securing SharePoint (PDF Format) - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009
 * A Primer to SharePoint Security - video

Other interesting resources

 * MOSS Security jobs (in Australia)
 * Articles on CMSWire about SharePoint

Other Blogs and Articles

 * Microsoft SharePoint: A Weak Link In Enterprise Security? - Dark Reading

Security related technical articles

 * How to Programmatically Disable Code Access Security

SharePoint-related vulnerabilities and their status

 * {Note: Add MSRC case}
 * http://milw0rm.com/exploits/8704 & http://milw0rm.com/sploits/2009-IIS-Advisory.pdf

Open Source

 * From CodePlex (see more on this search for SharePoint Security):
 * SharePoint Security Templates (CodePlex)
 * SharePoint Security Configuration Feature
 * Sharepoint Access Checker Web Part
 * Site Security Management Utility
 * CryptoCollaboration For SharePoint

Commercially Supported

 * ARB Security Solutions (www.sharepointsecurity.com)
 * AbsoluteProof for MS SharePoint - related article Surety Releases AbsoluteProof for SharePoint

Dangerous MOSS APIs

Map the security implications of MOSS APIs, for example:

 * which APIs (if badly used) are vulnerable to XSS, CSRF, SQL Injection
 * configuration settings that have security implications

WebParts Security

 * Security ratings & mappings of MOSS Deployed Web Parts
 * Security ratings & mappings of 3rd Party Web Parts