SharePoint Security Testing Tools

  • Question

  • Hi Team,

    Does anyone have a list of suggested security testing tools for SharePoint applications?

    Thanks,

    Shanthala

    Friday, April 1, 2011 10:29 AM

Answers

  • It depends what you are trying to test - are you looking to audit permissions, or check for vulnerabilities that may have been introduced through customisations or infrastructure issues?

    As far as permissions audits are concerned there are a number of third party tools provided by companies such as Idera and Quest that can do this in an automated fashion.

    On the software configuration side, the SharePoint 2010 Best Practices analyser (within Central Administration) does a fair job of monitoring for common security misconfiguration (e.g. service accounts with admin access).

    To test custom code you can either adopt a white box (thorough) or black box (cheaper) approach.

    A black box approach typically takes the form of an external penetration test. As far as tools are concerned there are numerous traditional penetration test tools available such as Nmap and Nessus but they do require a good understanding of application security to be of any use.

    For white box tests you would probably consider hiring an external security firm to review your code and ensure that it meets security best practices. 


    Benjamin Athawes - MCTS & MCITP SharePoint 2010
    Twitter
    SharePoint Blog

    Sunday, April 3, 2011 9:21 PM
  • You can test your security with Xavor SharePoint Admin Tools. You can download them from here. Another approach where you can get this feature is Xavor SharePoint 2010 Migrator. It has an evaluation version that you can use to check user group or security on any item by connecting and right-clicking on any item and selecting “Show user Group or Security”. Please download the evaluation version of Xavor SharePoint 2010 Migrator from here: http://www.xavor.com/index.php/what-we-do/solutions/xavor-sharepoint-2010-migrator/download-free-xavor-sharepoint-2010-migrator-trial/
    Wednesday, April 6, 2011 5:24 AM
