SlideShare a Scribd company logo

Taking the Share out of Sharepoint: SharePoint Application Security.

Aspenware
Aspenware

The beauty of SharePoint is you can quickly enable the business to do anything anywhere. That freedom and flexibility can create a serious security risk for your organization. With every service and application you roll out you also roll out new ways for hackers to get at your data. NetSource Secure, HOSTING, and Aspenware are pleased to bring you this critical SharePoint security presentation. In this presentation Senior SharePoint Architect Waughn Hughes and Senior Security Consultant Justin Tibbs will give you the information necessary to assess your SharePoint security risks and develop a plan for mitigating risks.

Technology
1 of 18
Download to read offline
Why Your SharePoint Applications are a Hackers Best Friend
Waughn Hughes Waughn has over 14 years of consulting experience, and has worked extensively with SharePoint for the past seven years as a developer and solutions architect. Solutions Architect | about.me/waughn
Justin Tibbs Justin Tibbs, developed and heads up the security solutions practice at NET Source, Inc, in Littleton Colorado. Prior to NET Source, Justin held positions at Cisco Systems, Lockheed Martin, and others, specializing in the areas of Vulnerability & Threat Research, Exploitation Development, and Secure Architecture Design. NET Source Security Director | about.me/justintibbs
Agenda • Introduction • SharePoint Tips and Tools Why Your SharePoint Applications are a Hackers Best Friend 4
Definitions Security Breach An act from outside an organization that bypasses or contravenes security policies, practices, or procedures. Security Violation An act from inside an organization that bypasses or contravenes security policies, practices, or procedures. Why Your SharePoint Applications are a Hackers Best Friend 5
National Security Agency "This leaker was a sysadmin who was trusted with moving the information to actually make sure that the right information was on the SharePoint servers that NSA Hawaii needed." - National Security Agency Director and the Pentagon's Cyber Command Commander General Keith Alexander Why Your SharePoint Applications are a Hackers Best Friend NSA chief leaks info on data sharing tech: It's SharePoint, By Jack Clark Clear and Present Danger: Cyber-Crime; Cyber-Espionage; Cyber-Terror; and Cyber-War 6
Why SharePoint? Started as a way to simplify document sharing… 12 years and numerous releases later… Evolved into a platform for collaboration, document and file management, intranets, extranets, websites, enterprise search, business intelligence, business process automation, social networks, etc… Used by 78% of the Fortune 500 companies* Why Your SharePoint Applications are a Hackers Best Friend 7 * SharePoint 2010 : The First 10 Years [http://technet.microsoft.com/en-us/magazine/gg981684.aspx]
SharePoint Security Policy Why Your SharePoint Applications are a Hackers Best Friend 8 A recent study by Emedia, covered in full by InfoSecurity magazine in February 2013, found that only about one-third of organizations with 25-5000 users employing SharePoint have security policies covering the platform.
Installation & Configuration • Windows, SQL Server and .NET Stack • Security Patching • Service Accounts • Service Applications • Authentication • Web Applications, Site Collections and Sites Why Your SharePoint Applications are a Hackers Best Friend 9
Installation & Configuration: Tips • Review and install applicable service packs and cumulative updates • Plan for least-privilege administration and do not use single account to run SharePoint farm(s) • Understand the features and configuration options for service applications prior to deployment • Define authentication methods for the various web and extended web applications • Develop and use information architecture to define web applications, site collections and sites • Use metadata to identify data sensitivity Why Your SharePoint Applications are a Hackers Best Friend 10
Access Control • User Permissions • Excessive Access • Administrative Access Why Your SharePoint Applications are a Hackers Best Friend 11
Access Control: Tips • Train end users on the key permission feature within SharePoint (e.g. security groups, permission levels, and permissions inheritance) • Automate the review process to keep rights aligned with business needs • Enable auditing for sites that contain sensitive information • Access the need to use database encryption to protect content Why Your SharePoint Applications are a Hackers Best Friend 12
External Exposure: Demo Why Your SharePoint Applications are a Hackers Best Friend 13
External Exposure: Tips • Use Google or Bing to check for externally exposed information • Google Samples: • inurl:"/_layouts/viewlsts.aspx" • "all site content" filetype:aspx • Use port scanner like nMap to look for open listeners • Management applications • Misconfigured web services • Database listeners (SQL) • Pretend to be a hacker… Try Shodan, a search engine that lets you find specific types of computers using a variety of filters Why Your SharePoint Applications are a Hackers Best Friend 14
Development • Cross-Site Scripting • Cross-Site Request Forgery • Elevation of Privilege • Information Disclosure Why Your SharePoint Applications are a Hackers Best Friend 15
Development: Tips • Understand Code Access Security • Encode output properly using SPHttpUtility methods • Do not allow contributor users to add script to the site • Specify a charset in the Content-Type HTTP response header • Avoid using AllowUnsafeUpdates where possible • Check user permissions appropriately Why Your SharePoint Applications are a Hackers Best Friend 16
Questions? Why Your SharePoint Applications are a Hackers Best Friend 17
6000 Greenwood Plaza Blvd Suite 110 Greenwood Village, CO 80111 303.798.5458 www.aspenware.com Aspenware

Recommended

Developing Secure Web Apps
Developing Secure Web AppsDeveloping Secure Web Apps
Developing Secure Web AppsMark Garratt
 
Securing Web Applications
Securing Web ApplicationsSecuring Web Applications
Securing Web ApplicationsMark Garratt
 
5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service ProviderTyrone Systems
 
Ayala mar23
Ayala mar23Ayala mar23
Ayala mar23National Information Standards Organization (NISO)
 
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...Ruby Meditation
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security RisksImperva
 
Cybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityCybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityEryk Budi Pratama
 
Information Security and Forensics
Information Security and ForensicsInformation Security and Forensics
Information Security and ForensicsTharindu Weerasinghe
 

Recommended

Developing Secure Web Apps
Developing Secure Web AppsDeveloping Secure Web Apps
Developing Secure Web AppsMark Garratt
 
Securing Web Applications
Securing Web ApplicationsSecuring Web Applications
Securing Web ApplicationsMark Garratt
 
5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service ProviderTyrone Systems
 
Ayala mar23
Ayala mar23Ayala mar23
Ayala mar23National Information Standards Organization (NISO)
 
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...Ruby Meditation
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security RisksImperva
 
Cybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityCybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityEryk Budi Pratama
 
Information Security and Forensics
Information Security and ForensicsInformation Security and Forensics
Information Security and ForensicsTharindu Weerasinghe
 
Goans-Helms-IT Security at Georgia Tech Library
Goans-Helms-IT Security at Georgia Tech LibraryGoans-Helms-IT Security at Georgia Tech Library
Goans-Helms-IT Security at Georgia Tech LibraryNational Information Standards Organization (NISO)
 
SPUnite17 10 Steps to be Successful with Enterprise Search
SPUnite17 10 Steps to be Successful with Enterprise SearchSPUnite17 10 Steps to be Successful with Enterprise Search
SPUnite17 10 Steps to be Successful with Enterprise SearchNCCOMMS
 
OWASP, Application Security
OWASP, Application Security OWASP, Application Security
OWASP, Application Security Dilip Sharma
 
What is Ethical Hacking?
What is Ethical Hacking? What is Ethical Hacking?
What is Ethical Hacking? Dignitas Digital Pvt. Ltd.
 
O365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen
O365Con18 - Protecting your Data in Office 365 - Arjan CornelissenO365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen
O365Con18 - Protecting your Data in Office 365 - Arjan CornelissenNCCOMMS
 
Red teaming in the cloud
Red teaming in the cloudRed teaming in the cloud
Red teaming in the cloudPeter Wood
 
Intro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance CenterIntro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance CenterCraig Jahnke
 
Basics of Security Testing
Basics of Security TestingBasics of Security Testing
Basics of Security TestingKarthikeyanRajendran27
 
Security & Compliance: Core Concepts Explained
Security & Compliance: Core Concepts ExplainedSecurity & Compliance: Core Concepts Explained
Security & Compliance: Core Concepts ExplainedAlan Eardley
 
Security as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveSecurity as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveApigee | Google Cloud
 
Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull.com
 
Owasp 2017 oveview
Owasp 2017 oveviewOwasp 2017 oveview
Owasp 2017 oveviewShreyas N
 
AWS User Group August Edition
AWS User Group August EditionAWS User Group August Edition
AWS User Group August EditionAndreas Wasita
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingjustyogesh
 
OWASP Top Ten 2017
OWASP Top Ten 2017OWASP Top Ten 2017
OWASP Top Ten 2017Michael Furman
 
Universal Search for Legal Enterprises
Universal Search for Legal EnterprisesUniversal Search for Legal Enterprises
Universal Search for Legal EnterprisesAdhereSolutions
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore
 
Ann West- Trust Federations: What We Have In Common
Ann West- Trust Federations: What We Have In CommonAnn West- Trust Federations: What We Have In Common
Ann West- Trust Federations: What We Have In CommonNational Information Standards Organization (NISO)
 
Enterprise search
Enterprise searchEnterprise search
Enterprise searchEmrah M. Işık
 
Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Eryk Budi Pratama
 
SharePoint 2013 governance model
SharePoint 2013 governance modelSharePoint 2013 governance model
SharePoint 2013 governance modelYash Goley
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarConcept Searching, Inc
 

More Related Content

What's hot

SPUnite17 10 Steps to be Successful with Enterprise Search
SPUnite17 10 Steps to be Successful with Enterprise SearchSPUnite17 10 Steps to be Successful with Enterprise Search
SPUnite17 10 Steps to be Successful with Enterprise SearchNCCOMMS
 
OWASP, Application Security
OWASP, Application Security OWASP, Application Security
OWASP, Application Security Dilip Sharma
 
O365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen
O365Con18 - Protecting your Data in Office 365 - Arjan CornelissenO365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen
O365Con18 - Protecting your Data in Office 365 - Arjan CornelissenNCCOMMS
 
Red teaming in the cloud
Red teaming in the cloudRed teaming in the cloud
Red teaming in the cloudPeter Wood
 
Intro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance CenterIntro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance CenterCraig Jahnke
 
Security & Compliance: Core Concepts Explained
Security & Compliance: Core Concepts ExplainedSecurity & Compliance: Core Concepts Explained
Security & Compliance: Core Concepts ExplainedAlan Eardley
 
Security as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveSecurity as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveApigee | Google Cloud
 
Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull.com
 
Owasp 2017 oveview
Owasp 2017 oveviewOwasp 2017 oveview
Owasp 2017 oveviewShreyas N
 
AWS User Group August Edition
AWS User Group August EditionAWS User Group August Edition
AWS User Group August EditionAndreas Wasita
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingjustyogesh
 
Universal Search for Legal Enterprises
Universal Search for Legal EnterprisesUniversal Search for Legal Enterprises
Universal Search for Legal EnterprisesAdhereSolutions
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore
 
Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Eryk Budi Pratama
 

What's hot (20)

Goans-Helms-IT Security at Georgia Tech Library
Goans-Helms-IT Security at Georgia Tech LibraryGoans-Helms-IT Security at Georgia Tech Library
Goans-Helms-IT Security at Georgia Tech Library
 
SPUnite17 10 Steps to be Successful with Enterprise Search
SPUnite17 10 Steps to be Successful with Enterprise SearchSPUnite17 10 Steps to be Successful with Enterprise Search
SPUnite17 10 Steps to be Successful with Enterprise Search
 
OWASP, Application Security
OWASP, Application Security OWASP, Application Security
OWASP, Application Security
 
What is Ethical Hacking?
What is Ethical Hacking? What is Ethical Hacking?
What is Ethical Hacking?
 
O365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen
O365Con18 - Protecting your Data in Office 365 - Arjan CornelissenO365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen
O365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen
 
Red teaming in the cloud
Red teaming in the cloudRed teaming in the cloud
Red teaming in the cloud
 
Intro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance CenterIntro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance Center
 
Basics of Security Testing
Basics of Security TestingBasics of Security Testing
Basics of Security Testing
 
Security & Compliance: Core Concepts Explained
Security & Compliance: Core Concepts ExplainedSecurity & Compliance: Core Concepts Explained
Security & Compliance: Core Concepts Explained
 
Security as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveSecurity as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO Perspective
 
Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk
 
Owasp 2017 oveview
Owasp 2017 oveviewOwasp 2017 oveview
Owasp 2017 oveview
 
AWS User Group August Edition
AWS User Group August EditionAWS User Group August Edition
AWS User Group August Edition
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
OWASP Top Ten 2017
OWASP Top Ten 2017OWASP Top Ten 2017
OWASP Top Ten 2017
 
Universal Search for Legal Enterprises
Universal Search for Legal EnterprisesUniversal Search for Legal Enterprises
Universal Search for Legal Enterprises
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
 
Ann West- Trust Federations: What We Have In Common
Ann West- Trust Federations: What We Have In CommonAnn West- Trust Federations: What We Have In Common
Ann West- Trust Federations: What We Have In Common
 
Enterprise search
Enterprise searchEnterprise search
Enterprise search
 
Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)
 

Similar to Taking the Share out of Sharepoint: SharePoint Application Security.

SharePoint 2013 governance model
SharePoint 2013 governance modelSharePoint 2013 governance model
SharePoint 2013 governance modelYash Goley
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarConcept Searching, Inc
 
Overcoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePointOvercoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePointAntonioMaio2
 
SharePoint Online vs. On-Premise
SharePoint Online vs. On-PremiseSharePoint Online vs. On-Premise
SharePoint Online vs. On-PremiseEvan Hodges
 
Best practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013 publishedBest practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013 publishedAntonioMaio2
 
What You Need to Know Before Upgrading to SharePoint 2013
What You Need to Know Before Upgrading to SharePoint 2013What You Need to Know Before Upgrading to SharePoint 2013
What You Need to Know Before Upgrading to SharePoint 2013Perficient, Inc.
 
SharePpoint Support & Managed Services by Netpeach
SharePpoint Support & Managed Services by NetpeachSharePpoint Support & Managed Services by Netpeach
SharePpoint Support & Managed Services by NetpeachNagaraj Yerram
 
Give Your SharePoint Site a Physical
Give Your SharePoint Site a PhysicalGive Your SharePoint Site a Physical
Give Your SharePoint Site a PhysicalAscendum Solutions
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
#OCSPUG SharePoint 2013 Best Practices
#OCSPUG SharePoint 2013 Best Practices#OCSPUG SharePoint 2013 Best Practices
#OCSPUG SharePoint 2013 Best PracticesIvan Sanders
 
Company Profile - NPC with TIBCO Spotfire solution
Company Profile - NPC with TIBCO Spotfire solution Company Profile - NPC with TIBCO Spotfire solution
Company Profile - NPC with TIBCO Spotfire solution Sirinporn Setworaya
 
Age of Exploration: How to Achieve Enterprise-Wide Discovery
Age of Exploration: How to Achieve Enterprise-Wide DiscoveryAge of Exploration: How to Achieve Enterprise-Wide Discovery
Age of Exploration: How to Achieve Enterprise-Wide DiscoveryInside Analysis
 
Neo4j GraphTour Santa Monica 2019 - Amundsen Presentation
Neo4j GraphTour Santa Monica 2019 - Amundsen PresentationNeo4j GraphTour Santa Monica 2019 - Amundsen Presentation
Neo4j GraphTour Santa Monica 2019 - Amundsen PresentationTamikaTannis
 
D Cornell Securing Share Point
D Cornell Securing Share PointD Cornell Securing Share Point
D Cornell Securing Share PointArt Upton
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Christian Buckley
 
Ferraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information SecurityFerraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information Securitymferraz
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022lior mazor
 
4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint GovernanceImperva
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeThuan Ng
 

Similar to Taking the Share out of Sharepoint: SharePoint Application Security. (20)

SharePoint 2013 governance model
SharePoint 2013 governance modelSharePoint 2013 governance model
SharePoint 2013 governance model
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint Webinar
 
Overcoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePointOvercoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePoint
 
SharePoint Online vs. On-Premise
SharePoint Online vs. On-PremiseSharePoint Online vs. On-Premise
SharePoint Online vs. On-Premise
 
Best practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013 publishedBest practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013 published
 
What You Need to Know Before Upgrading to SharePoint 2013
What You Need to Know Before Upgrading to SharePoint 2013What You Need to Know Before Upgrading to SharePoint 2013
What You Need to Know Before Upgrading to SharePoint 2013
 
SharePpoint Support & Managed Services by Netpeach
SharePpoint Support & Managed Services by NetpeachSharePpoint Support & Managed Services by Netpeach
SharePpoint Support & Managed Services by Netpeach
 
Give Your SharePoint Site a Physical
Give Your SharePoint Site a PhysicalGive Your SharePoint Site a Physical
Give Your SharePoint Site a Physical
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 
#OCSPUG SharePoint 2013 Best Practices
#OCSPUG SharePoint 2013 Best Practices#OCSPUG SharePoint 2013 Best Practices
#OCSPUG SharePoint 2013 Best Practices
 
Company Profile - NPC with TIBCO Spotfire solution
Company Profile - NPC with TIBCO Spotfire solution Company Profile - NPC with TIBCO Spotfire solution
Company Profile - NPC with TIBCO Spotfire solution
 
Age of Exploration: How to Achieve Enterprise-Wide Discovery
Age of Exploration: How to Achieve Enterprise-Wide DiscoveryAge of Exploration: How to Achieve Enterprise-Wide Discovery
Age of Exploration: How to Achieve Enterprise-Wide Discovery
 
Neo4j GraphTour Santa Monica 2019 - Amundsen Presentation
Neo4j GraphTour Santa Monica 2019 - Amundsen PresentationNeo4j GraphTour Santa Monica 2019 - Amundsen Presentation
Neo4j GraphTour Santa Monica 2019 - Amundsen Presentation
 
D Cornell Securing Share Point
D Cornell Securing Share PointD Cornell Securing Share Point
D Cornell Securing Share Point
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
 
Ferraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information SecurityFerraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information Security
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022
 
4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More Safe
 

More from Aspenware

Playing nice with the MEAN stack
Playing nice with the MEAN stackPlaying nice with the MEAN stack
Playing nice with the MEAN stackAspenware
 
Stop competing and start leading: A user experience case study.
Stop competing and start leading: A user experience case study.Stop competing and start leading: A user experience case study.
Stop competing and start leading: A user experience case study.Aspenware
 
Tips for building fast multi touch enabled web sites
Tips for building fast multi touch enabled web sites Tips for building fast multi touch enabled web sites
Tips for building fast multi touch enabled web sitesAspenware
 
Build once deploy everywhere using the telerik platform
Build once deploy everywhere using the telerik platformBuild once deploy everywhere using the telerik platform
Build once deploy everywhere using the telerik platformAspenware
 
Building web applications using kendo ui and the mvvm pattern
Building web applications using kendo ui and the mvvm patternBuilding web applications using kendo ui and the mvvm pattern
Building web applications using kendo ui and the mvvm patternAspenware
 
Rich Web Applications with Aspenware
Rich Web Applications with AspenwareRich Web Applications with Aspenware
Rich Web Applications with AspenwareAspenware
 
Implementing Scrum with Microsoft Team Foundation Service (TFS)
Implementing Scrum with Microsoft Team Foundation Service (TFS)Implementing Scrum with Microsoft Team Foundation Service (TFS)
Implementing Scrum with Microsoft Team Foundation Service (TFS)Aspenware
 
Implementing Scrum with Microsoft Team Foundation Service (TFS)
Implementing Scrum with Microsoft Team Foundation Service (TFS)Implementing Scrum with Microsoft Team Foundation Service (TFS)
Implementing Scrum with Microsoft Team Foundation Service (TFS)Aspenware
 
Building a Windows Store App for SharePoint 2013
Building a Windows Store App for SharePoint 2013Building a Windows Store App for SharePoint 2013
Building a Windows Store App for SharePoint 2013Aspenware
 
Aspenware TechMunch presents: mobile communities of interest
Aspenware TechMunch presents: mobile communities of interestAspenware TechMunch presents: mobile communities of interest
Aspenware TechMunch presents: mobile communities of interestAspenware
 
Hate JavaScript? Try TypeScript.
Hate JavaScript? Try TypeScript.Hate JavaScript? Try TypeScript.
Hate JavaScript? Try TypeScript.Aspenware
 
Understanding Game Mechanics
Understanding Game MechanicsUnderstanding Game Mechanics
Understanding Game MechanicsAspenware
 
What people are saying about working with Aspenware.
What people are saying about working with Aspenware.What people are saying about working with Aspenware.
What people are saying about working with Aspenware.Aspenware
 
Aspenware Customer Labs lift line experience
Aspenware Customer Labs lift line experienceAspenware Customer Labs lift line experience
Aspenware Customer Labs lift line experienceAspenware
 
Aspenware 2013 consulting program
Aspenware 2013 consulting programAspenware 2013 consulting program
Aspenware 2013 consulting programAspenware
 
On Culture and Perks
On Culture and PerksOn Culture and Perks
On Culture and PerksAspenware
 
Maintaining Culture and Staying True to Your Values in Times of Change: Tye E...
Maintaining Culture and Staying True to Your Values in Times of Change: Tye E...Maintaining Culture and Staying True to Your Values in Times of Change: Tye E...
Maintaining Culture and Staying True to Your Values in Times of Change: Tye E...Aspenware
 
Fast multi touch enabled web sites
Fast multi touch enabled web sitesFast multi touch enabled web sites
Fast multi touch enabled web sitesAspenware
 
Business considerations for node.js applications
Business considerations for node.js applicationsBusiness considerations for node.js applications
Business considerations for node.js applicationsAspenware
 
Restful web services with nodejs
Restful web services with nodejsRestful web services with nodejs
Restful web services with nodejsAspenware
 

More from Aspenware (20)

Playing nice with the MEAN stack
Playing nice with the MEAN stackPlaying nice with the MEAN stack
Playing nice with the MEAN stack
 
Stop competing and start leading: A user experience case study.
Stop competing and start leading: A user experience case study.Stop competing and start leading: A user experience case study.
Stop competing and start leading: A user experience case study.
 
Tips for building fast multi touch enabled web sites
Tips for building fast multi touch enabled web sites Tips for building fast multi touch enabled web sites
Tips for building fast multi touch enabled web sites
 
Build once deploy everywhere using the telerik platform
Build once deploy everywhere using the telerik platformBuild once deploy everywhere using the telerik platform
Build once deploy everywhere using the telerik platform
 
Building web applications using kendo ui and the mvvm pattern
Building web applications using kendo ui and the mvvm patternBuilding web applications using kendo ui and the mvvm pattern
Building web applications using kendo ui and the mvvm pattern
 
Rich Web Applications with Aspenware
Rich Web Applications with AspenwareRich Web Applications with Aspenware
Rich Web Applications with Aspenware
 
Implementing Scrum with Microsoft Team Foundation Service (TFS)
Implementing Scrum with Microsoft Team Foundation Service (TFS)Implementing Scrum with Microsoft Team Foundation Service (TFS)
Implementing Scrum with Microsoft Team Foundation Service (TFS)
 
Implementing Scrum with Microsoft Team Foundation Service (TFS)
Implementing Scrum with Microsoft Team Foundation Service (TFS)Implementing Scrum with Microsoft Team Foundation Service (TFS)
Implementing Scrum with Microsoft Team Foundation Service (TFS)
 
Building a Windows Store App for SharePoint 2013
Building a Windows Store App for SharePoint 2013Building a Windows Store App for SharePoint 2013
Building a Windows Store App for SharePoint 2013
 
Aspenware TechMunch presents: mobile communities of interest
Aspenware TechMunch presents: mobile communities of interestAspenware TechMunch presents: mobile communities of interest
Aspenware TechMunch presents: mobile communities of interest
 
Hate JavaScript? Try TypeScript.
Hate JavaScript? Try TypeScript.Hate JavaScript? Try TypeScript.
Hate JavaScript? Try TypeScript.
 
Understanding Game Mechanics
Understanding Game MechanicsUnderstanding Game Mechanics
Understanding Game Mechanics
 
What people are saying about working with Aspenware.
What people are saying about working with Aspenware.What people are saying about working with Aspenware.
What people are saying about working with Aspenware.
 
Aspenware Customer Labs lift line experience
Aspenware Customer Labs lift line experienceAspenware Customer Labs lift line experience
Aspenware Customer Labs lift line experience
 
Aspenware 2013 consulting program
Aspenware 2013 consulting programAspenware 2013 consulting program
Aspenware 2013 consulting program
 
On Culture and Perks
On Culture and PerksOn Culture and Perks
On Culture and Perks
 
Maintaining Culture and Staying True to Your Values in Times of Change: Tye E...
Maintaining Culture and Staying True to Your Values in Times of Change: Tye E...Maintaining Culture and Staying True to Your Values in Times of Change: Tye E...
Maintaining Culture and Staying True to Your Values in Times of Change: Tye E...
 
Fast multi touch enabled web sites
Fast multi touch enabled web sitesFast multi touch enabled web sites
Fast multi touch enabled web sites
 
Business considerations for node.js applications
Business considerations for node.js applicationsBusiness considerations for node.js applications
Business considerations for node.js applications
 
Restful web services with nodejs
Restful web services with nodejsRestful web services with nodejs
Restful web services with nodejs
 

Recently uploaded

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 

Recently uploaded (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Taking the Share out of Sharepoint: SharePoint Application Security.

  • 1. Why Your SharePoint Applications are a Hackers Best Friend
  • 2. Waughn Hughes Waughn has over 14 years of consulting experience, and has worked extensively with SharePoint for the past seven years as a developer and solutions architect. Solutions Architect | about.me/waughn
  • 3. Justin Tibbs Justin Tibbs, developed and heads up the security solutions practice at NET Source, Inc, in Littleton Colorado. Prior to NET Source, Justin held positions at Cisco Systems, Lockheed Martin, and others, specializing in the areas of Vulnerability & Threat Research, Exploitation Development, and Secure Architecture Design. NET Source Security Director | about.me/justintibbs
  • 4. Agenda • Introduction • SharePoint Tips and Tools Why Your SharePoint Applications are a Hackers Best Friend 4
  • 5. Definitions Security Breach An act from outside an organization that bypasses or contravenes security policies, practices, or procedures. Security Violation An act from inside an organization that bypasses or contravenes security policies, practices, or procedures. Why Your SharePoint Applications are a Hackers Best Friend 5
  • 6. National Security Agency "This leaker was a sysadmin who was trusted with moving the information to actually make sure that the right information was on the SharePoint servers that NSA Hawaii needed." - National Security Agency Director and the Pentagon's Cyber Command Commander General Keith Alexander Why Your SharePoint Applications are a Hackers Best Friend NSA chief leaks info on data sharing tech: It's SharePoint, By Jack Clark Clear and Present Danger: Cyber-Crime; Cyber-Espionage; Cyber-Terror; and Cyber-War 6
  • 7. Why SharePoint? Started as a way to simplify document sharing… 12 years and numerous releases later… Evolved into a platform for collaboration, document and file management, intranets, extranets, websites, enterprise search, business intelligence, business process automation, social networks, etc… Used by 78% of the Fortune 500 companies* Why Your SharePoint Applications are a Hackers Best Friend 7 * SharePoint 2010 : The First 10 Years [http://technet.microsoft.com/en-us/magazine/gg981684.aspx]
  • 8. SharePoint Security Policy Why Your SharePoint Applications are a Hackers Best Friend 8 A recent study by Emedia, covered in full by InfoSecurity magazine in February 2013, found that only about one-third of organizations with 25-5000 users employing SharePoint have security policies covering the platform.
  • 9. Installation & Configuration • Windows, SQL Server and .NET Stack • Security Patching • Service Accounts • Service Applications • Authentication • Web Applications, Site Collections and Sites Why Your SharePoint Applications are a Hackers Best Friend 9
  • 10. Installation & Configuration: Tips • Review and install applicable service packs and cumulative updates • Plan for least-privilege administration and do not use single account to run SharePoint farm(s) • Understand the features and configuration options for service applications prior to deployment • Define authentication methods for the various web and extended web applications • Develop and use information architecture to define web applications, site collections and sites • Use metadata to identify data sensitivity Why Your SharePoint Applications are a Hackers Best Friend 10
  • 11. Access Control • User Permissions • Excessive Access • Administrative Access Why Your SharePoint Applications are a Hackers Best Friend 11
  • 12. Access Control: Tips • Train end users on the key permission feature within SharePoint (e.g. security groups, permission levels, and permissions inheritance) • Automate the review process to keep rights aligned with business needs • Enable auditing for sites that contain sensitive information • Access the need to use database encryption to protect content Why Your SharePoint Applications are a Hackers Best Friend 12
  • 13. External Exposure: Demo Why Your SharePoint Applications are a Hackers Best Friend 13
  • 14. External Exposure: Tips • Use Google or Bing to check for externally exposed information • Google Samples: • inurl:"/_layouts/viewlsts.aspx" • "all site content" filetype:aspx • Use port scanner like nMap to look for open listeners • Management applications • Misconfigured web services • Database listeners (SQL) • Pretend to be a hacker… Try Shodan, a search engine that lets you find specific types of computers using a variety of filters Why Your SharePoint Applications are a Hackers Best Friend 14
  • 15. Development • Cross-Site Scripting • Cross-Site Request Forgery • Elevation of Privilege • Information Disclosure Why Your SharePoint Applications are a Hackers Best Friend 15
  • 16. Development: Tips • Understand Code Access Security • Encode output properly using SPHttpUtility methods • Do not allow contributor users to add script to the site • Specify a charset in the Content-Type HTTP response header • Avoid using AllowUnsafeUpdates where possible • Check user permissions appropriately Why Your SharePoint Applications are a Hackers Best Friend 16
  • 17. Questions? Why Your SharePoint Applications are a Hackers Best Friend 17
  • 18. 6000 Greenwood Plaza Blvd Suite 110 Greenwood Village, CO 80111 303.798.5458 www.aspenware.com Aspenware