[Owasp-o2-platform] Focus on MOSS (Sharepoint)

dinis cruz dinis.cruz at owasp.org
Mon Jan 4 07:19:34 EST 2010

Now that the IBM contract has ended, I'm starting this January focused on
MOSS (Sharepoint) which is part of a project that I have been working on for
a while and that finally I can start publishing my techniques and (some) of
my findings.

I think that there are a couple guys here (on O2 or DotNet's mailing lists)
that are either currently involved in a Sharepoint related engagement or
have done it in the past. For them (and others interested in this topic)
please lets collaborate on this one and help to create MOSS Security Center
of Excellency here at OWASP :)

There was a MOSS thread a while back that proposed the creation of an OWASP
WIKI page to store this research. The link was to
http://www.owasp.org/index.php/Research_for_Sharepoint but there was no
content in there (Mark is there another page?) so I've started populating
this Research_for_Sharepoint<http://www.owasp.org/index.php/Research_for_Sharepoint>
with the following topics:

   - 1 Resources <#Resources>
      - 1.1 Microsoft resources <#Microsoft_resources>
      - 1.2 Other Resources and
      - 1.3 Presentations <#Presentations>
      - 1.4 Other interesting resources <#Other_interesting_resources>
      - 1.5 Other Blogs and Articles <#Other_Blogs_and_Articles>
      - 1.6 Security related technical
   - 2 Published Security issues <#Published_Security_issues>
      - 2.1 SharePoint related vulnerabilities and its
   - 3 MOSS Security related WebParts, Tools &
      - 3.1 Open Source <#Open_Source>
      - 3.2 Commercially Supported <#Commercially_Supported>
   - 4 Dangerous MOSS APIs <#Dangerous_MOSS_APIs>
   - 5 WebParts Security <#WebParts_Security>

This is far from complete and I still have quite a lot of research notes I
want to publish (please add the ones you know). Although all topics are now
on this page, I expect (as the content grows) this to be split into Multiple
MOSS related pages.

I also have a number of MOSS O2 related tools and scripts that I will be
publishing very soon :)

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20100104/d06f81c5/attachment.html 

More information about the Owasp-o2-platform mailing list