Educause Security Discussion mailing list archives

Re: Assessing SharePoint Security


From: "Mayne, Jim" <j.mayne () TCU EDU>
Date: Thu, 31 May 2012 10:07:25 -0500

Dan,
  I understand that IdentityFinder has a SharePoint module to allow it to crawl a SharePoint database. We use the 
general product but not this module.

http://www.identityfinder.com/us/Business/IdentityFinder/SharePointSearchModule

Jim

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Woodruff, Dan
Sent: Thursday, May 31, 2012 10:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Assessing SharePoint Security

SharePoint is used heavily as a collaboration tool and documentation repository in our environment, and we are trying 
to determine the best approach to take to assess its security. One activity we would like to perform is to scan 
document repository content for sensitive data. Since the backend for SharePoint is a database, we'd have to figure out 
a way to extract the documents to flat files so they could be examined en masse. Are there any tools that will automate 
the extraction?

Other than assessing the application to standards and policies, how are other schools assessing SharePoint? Are you 
performing any kind of technical assessment such as a penetration test and if so, has it been a valuable (actionable) 
exercise? I fear performing a web application penetration test of such a dynamic and complex application would be a 
daunting task with little valuable output.

Thank you for any insight,

Dan Woodruff
University IT Security and Policy
University of Rochester
