Difference between revisions of "Research for SharePoint (MOSS)"

From OWASP
Line 3: Line 3:
 
== Resources==
 
== Resources==
  
=== Microsoft resources===
+
==== Microsoft resources====
 
* [http://office.microsoft.com/download/afile.aspx?AssetID=AM102437421033 Security Architecture for SharePoint Products and Technologies] (Word Doc)
 
* [http://office.microsoft.com/download/afile.aspx?AssetID=AM102437421033 Security Architecture for SharePoint Products and Technologies] (Word Doc)
 
* [http://sharepoint.microsoft.com SharePoint Community Portal]
 
* [http://sharepoint.microsoft.com SharePoint Community Portal]
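Review bot: The new "==== Microsoft resources====" heading sits directly under "== Resources==", so the section now jumps from level 2 to level 4 with no level-3 heading in between. Either keep the subsection at "===" or add the missing level-3 parent in the same revision, otherwise the table of contents nests unevenly. The same point applies to the other headings demoted from "===" to "====" further down.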
Line 9: Line 9:
 
* [http://blogs.msdn.com/arpans/archive/2008/05/09/sharepoint-end-user-security.aspx SharePoint End User Security]
 
* [http://blogs.msdn.com/arpans/archive/2008/05/09/sharepoint-end-user-security.aspx SharePoint End User Security]
  
=== Other Resources and Documentation===
+
==== Other Resources and Documentation====
 
* [http://www.finalcandidate.com/en/tandp/Pages/SharePointSecurityConcepts.aspx SharePoint Security Concepts] - contains a number of other links to more material
 
* [http://www.finalcandidate.com/en/tandp/Pages/SharePointSecurityConcepts.aspx SharePoint Security Concepts] - contains a number of other links to more material
 
* [http://blogs.gartner.com/neil_macdonald/2009/02/25/sharepoint-security-best-practices/ SharePoint Security Best Practices] - $995 Gartner report  
 
* [http://blogs.gartner.com/neil_macdonald/2009/02/25/sharepoint-security-best-practices/ SharePoint Security Best Practices] - $995 Gartner report  
Line 16: Line 16:
 
* [http://www.cmswire.com/cms/enterprise-cms/governance-key-for-sharepoint-implementations-003123.php Governance Key for SharePoint Implementations]
 
* [http://www.cmswire.com/cms/enterprise-cms/governance-key-for-sharepoint-implementations-003123.php Governance Key for SharePoint Implementations]
  
=== Presentations ===
+
==== Presentations ====
 
* OWASP Houston Chapter - August 12, 2009 :  [http://owasp.icrew.org/downloads/OWASP_ShohnTrojacek.pdf SharePoint Auditing and Penetration Testing] Presentation by:  Shohn Trojacek
 
* OWASP Houston Chapter - August 12, 2009 :  [http://owasp.icrew.org/downloads/OWASP_ShohnTrojacek.pdf SharePoint Auditing and Penetration Testing] Presentation by:  Shohn Trojacek
 
* from Denim group:
 
* from Denim group:
Line 22: Line 22:
 
** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TRISC_20090324.pdf Securing Sharepoint (PDF Format)] - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009
 
** [http://www.denimgroup.com/media/pdfs/DenimGroup_SecuringSharePoint_TRISC_20090324.pdf Securing Sharepoint (PDF Format)] - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009
  
=== Other interesting resources===
+
==== Other interesting resources====
 
* [http://www.indeed.com.au/jobs?q=Moss+Security&l= MOSS Security jobs (in Australia)]
 
* [http://www.indeed.com.au/jobs?q=Moss+Security&l= MOSS Security jobs (in Australia)]
 
* [http://www.cmswire.com/news/topic/sharepoint Articles on CMSWire about SharePoint]
 
* [http://www.cmswire.com/news/topic/sharepoint Articles on CMSWire about SharePoint]
  
 
+
==== Other Blogs and Articles ====
=== Other Blogs and Articles ===
+
 
* [http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212903345 Microsoft SharePoint: A Weak Link In Enterprise Security?] - Dark Reading
 
* [http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212903345 Microsoft SharePoint: A Weak Link In Enterprise Security?] - Dark Reading
  
=== Security related technical articles ===
+
==== Security related technical articles ====
 
* [http://www.sharepointsecurity.com/sharepoint/sharepoint-security/how-to-programmatically-disable-code-access-security/ How to Programmatically Disable Code Access Security]
 
* [http://www.sharepointsecurity.com/sharepoint/sharepoint-security/how-to-programmatically-disable-code-access-security/ How to Programmatically Disable Code Access Security]
 +
  
 
== Published Security issues ==
 
== Published Security issues ==
  
 
=== SharePoint related vulnerabilities and its status ===
 
=== SharePoint related vulnerabilities and its status ===
 +
* {Note: Add MSRC case}
 
* http://milw0rm.com/exploits/8704 & http://milw0rm.com/sploits/2009-IIS-Advisory.pdf
 
* http://milw0rm.com/exploits/8704 & http://milw0rm.com/sploits/2009-IIS-Advisory.pdf
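Review bot: The added bullet "{Note: Add MSRC case}" under "SharePoint related vulnerabilities and its status" is an editing placeholder published as page content, with no case number, link or status. Move it to the talk page or replace it with the actual entry once the reference is available, so readers do not take it for a tracked issue.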
  

Revision as of 07:08, 4 January 2010

This page contains research notes on Microsoft's SharePoint MOSS and WSS.

Resources

Microsoft resources

Other Resources and Documentation

Presentations

Other interesting resources

Other Blogs and Articles

Security related technical articles


Published Security issues

SharePoint related vulnerabilities and its status


MOSS Security related WebParts, Tools & services

Open Source

Commercially Supported