Sharepoint Security

Home > Services > Security Assessment >Sharepoint Security

What is Sharepoint?


SharePoint is Microsoft’s Business Collaboration Platform for the Enterprise and the Internet. Sharepoint provides an effective way of collaboration and document management. One of the most common uses of SharePoint is for Document Management where a user can manage the document from start to finish i.e. from creation till deletion.


Sharepoint Object Hierarchy



Farm: Farm contains one or more Web front ends and one or more SQL Servers that Sharepoint services.
Web Application: Site created in IIS which contains Site Collections.
Site Collection: Top level Sharepoint site which contains sites, lists and libraries.
Site: Container for lists and libraries based on the template.
List: List contains the structures data stored in the site.
Libraries: Contains files and folders.

Key features of SharePoint include:
  1. Enterprise Search
  2. Enterprise Content Management (ECM)
  3. Business Processes and Forms
  4. Business Intelligence
  5. Social Computing

Risks in a Sharepoint application

While the capability of Sharepoint and its flexibility have contributed greatly to its popularity, making it Microsoft’s fastest product to reach $1 billion in revenues, however numerous security risks arise from the implementation of Sharepoint in most enterprises.

Some of the common issues with Sharepoint Applications are:

  1. Permissions and Identity Management Issues
  2. Authorization Mis-management
  3. Information Leakage from Misconfigured Search
  4. User Enumeration Issues
  5. Issues with third party applications
  6. Code Access Security Issues

Services we offer

We primarily do SharePoint Security engagements covering the following key areas.

  1. Security Architecture Review for SharePoint
  2. SharePoint Compliance and Governance
  3. Secure SharePoint Installation and Upgrade
  4. Secure SharePoint Development and Deployment
  5. Secure SharePoint Integration
  6. SharePoint Permissions, Identity and Access Management