Re: SharePoint Auditing

["S. R. White" <swprofile () yahoo com>]

Hi Ian,

From a penetration testing perspective, information (and a tool or two) for 
testing (mostly permissions and URL access) can be found at 
http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity-project/  


 I would suggest viewing the following presentation before digging into the 
tools as well:  
http://www.stachliu.com/wp-content/uploads/2011/02/ISSA-Phx-SharePoint_Security-05_Oct_2010.pdf


In this presentation there are some security related tools/web parts you can 
install and use to check for issues as well.  (See slide 28, 
http://sushi.codeplex.com/, and some others mixed in there...)

Hope this helps...

Scott





________________________________
From: "Allison, Ian" <Ian.C.Allison () am sony com>
To: "pauldotcom () mail pauldotcom com" <pauldotcom () pdc-mail pauldotcom com>
Sent: Thu, March 24, 2011 9:47:22 AM
Subject: [Pauldotcom] SharePoint Auditing


I am going to be starting a security review that also covers a SharePoint 
installation. I have a few decent resources and will be using Sharepoint Regex 
Search to search for “interesting” data. I have gone over the Microsoft 
SharePoint security document and it does an ok job but it is more of a planning 
document. Does anyone on this list have any good SharePoint security, SharePoint 
auditing resources or applications they have used before? 

 
Thanks,
 
Ian


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com