Difference between revisions of "Research for SharePoint (MOSS)"

From OWASP
Jump to: navigation, search
(Created page with 'This page contains research notes on Microsoft's SharePoint MOSS and WSS === SharePoint related vulnerabilities and its status === * http://milw0rm.com/exploits/8704 & http://mi…')
 
Line 1: Line 1:
 
This page contains research notes on Microsoft's SharePoint MOSS and WSS
 
This page contains research notes on Microsoft's SharePoint MOSS and WSS
  
=== SharePoint related vulnerabilities and its status ===
+
== Resources==
* http://milw0rm.com/exploits/8704 & http://milw0rm.com/sploits/2009-IIS-Advisory.pdf
+
  
 
=== Microsoft resources===
 
=== Microsoft resources===
 
* [http://office.microsoft.com/download/afile.aspx?AssetID=AM102437421033 Security Architecture for SharePoint Products and Technologies] (Word Doc)
 
* [http://office.microsoft.com/download/afile.aspx?AssetID=AM102437421033 Security Architecture for SharePoint Products and Technologies] (Word Doc)
 
* [http://sharepoint.microsoft.com SharePoint Community Portal]
 
* [http://sharepoint.microsoft.com SharePoint Community Portal]
 +
* [http://technet.microsoft.com/en-us/library/cc262619.aspx Downloadable book: Security for Office SharePoint Server 2007] - [http://go.microsoft.com/fwlink/?LinkID=94375 link to 277 page Doc file]
  
 
=== Other Resources and Documentation===
 
=== Other Resources and Documentation===
 
* [http://www.finalcandidate.com/en/tandp/Pages/SharePointSecurityConcepts.aspx SharePoint Security Concepts] - contains a number of other links to more material
 
* [http://www.finalcandidate.com/en/tandp/Pages/SharePointSecurityConcepts.aspx SharePoint Security Concepts] - contains a number of other links to more material
* [http://blogs.gartner.com/neil_macdonald/2009/02/25/sharepoint-security-best-practices/ SharePoint Security Best Practices]
+
* [http://blogs.gartner.com/neil_macdonald/2009/02/25/sharepoint-security-best-practices/ SharePoint Security Best Practices] - $995 Gartner report
 +
* [http://sharepointmagazine.net/technical/administration/microsoft-office-sharepoint-server-2007-security-model Microsoft Office SharePoint Server 2007 Security Model]
 +
* [http://www.cmswire.com/cms/enterprise-cms/sharepoint-security-concerns-simply-a-lack-of-governance-003551.php SharePoint Security Concerns Simply a Lack of Governance?]
 +
* [http://www.cmswire.com/cms/enterprise-cms/governance-key-for-sharepoint-implementations-003123.php Governance Key for SharePoint Implementations]
 
=== Presentations ===
 
=== Presentations ===
* OWASP Houston Chapter - August 12, 2009 :  SharePoint Auditing and Penetration Testing [http://owasp.icrew.org/downloads/OWASP_ShohnTrojacek.pdf Presentation Download] <br>Presentation by:  Shohn Trojacek
+
* OWASP Houston Chapter - August 12, 2009 :  [http://owasp.icrew.org/downloads/OWASP_ShohnTrojacek.pdf SharePoint Auditing and Penetration Testing] Presentation by:  Shohn Trojacek
 
* from Denim group:
 
* from Denim group:
 
** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TASSCCTEC2009_20090326.pdf Securing SharePoint (PDF Format)] - TASSCC Technology Education Conference in Austin, March 26, 2009
 
** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TASSCCTEC2009_20090326.pdf Securing SharePoint (PDF Format)] - TASSCC Technology Education Conference in Austin, March 26, 2009
 
** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TRISC_20090324.pdf Securing Sharepoint (PDF Format)] - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009
 
** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TRISC_20090324.pdf Securing Sharepoint (PDF Format)] - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009
 +
 +
=== Other interesting resources===
 +
* [http://www.indeed.com.au/jobs?q=Moss+Security&l= MOSS Security jobs (in Australia)]
 +
* [http://www.cmswire.com/news/topic/sharepoint Articles on CMSWire about SharePoint]
 +
 +
== Published Security issues ==
 +
 +
=== SharePoint related vulnerabilities and its status ===
 +
* http://milw0rm.com/exploits/8704 & http://milw0rm.com/sploits/2009-IIS-Advisory.pdf
 +
 +
 +
== MOSS Security related Tools ==
 +
=== Open Source ===
 +
 +
=== Commercially Supported ===
 +
* [http://www.surety.com/Offerings/AbsoluteProof/For-MS-SharePoint.aspx AbsoluteProof for MS SharePoint] - related article [http://www.cmswire.com/cms/enterprise-cms/surety-releases-absoluteproof-for-sharepoint-002471.php Surety Releases AbsoluteProof for SharePoint]

Revision as of 06:54, 4 January 2010

This page contains research notes on Microsoft's SharePoint MOSS and WSS

Contents

Resources

Microsoft resources

Other Resources and Documentation

Presentations

Other interesting resources

Published Security issues

SharePoint related vulnerabilities and its status


MOSS Security related Tools

Open Source

Commercially Supported