
List:       owasp-dotnet
Subject:    [Owasp-dotnet] Focus on MOSS (Sharepoint)
From:       dinis cruz <dinis.cruz () owasp ! org>
Date:       2010-01-04 12:19:34
Message-ID: 60235a7b1001040419t24964ea2y14c1300168af03e8 () mail ! gmail ! com

Now that the IBM contract has ended, I'm starting this January focused on
MOSS (Sharepoint) which is part of a project that I have been working on for
a while and that finally I can start publishing my techniques and (some) of
my findings.

I think that there are a couple of guys here (on O2 or DotNet's mailing lists)
that are either currently involved in a Sharepoint related engagement or
have done it in the past. For them (and others interested in this topic)
please let's collaborate on this one and help to create a MOSS Security Center
of Excellency here at OWASP :)

There was a MOSS thread a while back that proposed the creation of an OWASP
WIKI page to store this research. The link was to
http://www.owasp.org/index.php/Research_for_Sharepoint but there was no
content in there (Mark is there another page?) so I've started populating
this Research_for_Sharepoint page with the following topics:


   - 1 Resources
      - 1.1 Microsoft resources
      - 1.2 Other Resources and Documentation
      - 1.3 Presentations
      - 1.4 Other interesting resources
      - 1.5 Other Blogs and Articles
      - 1.6 Security related technical articles
   - 2 Published Security issues
      - 2.1 SharePoint related vulnerabilities and its status
   - 3 MOSS Security related WebParts, Tools & services
      - 3.1 Open Source
      - 3.2 Commercially Supported
   - 4 Dangerous MOSS APIs
   - 5 WebParts Security


This is far from complete and I still have quite a lot of research notes I
want to publish (please add the ones you know). Although all topics are now
on this page, I expect (as the content grows) this to be split into multiple
MOSS related pages.

I also have a number of MOSS O2 related tools and scripts that I will be
publishing very soon :)

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2



