http://pageofwords.com/blog/ Run the ink across this page of words en-us Kirk Jackson Thu, 17 Mar 2011 22:42:33 GMT newtelligence dasBlog 1.9.6264.0 kirkj@paradise.net.nz kirkj@paradise.net.nz http://pageofwords.com/blog/Trackback.aspx?guid=71a380b8-fcef-4f01-afa5-5ea542948c18 http://pageofwords.com/blog/pingback.aspx http://pageofwords.com/blog/PermaLink,guid,71a380b8-fcef-4f01-afa5-5ea542948c18.aspx Kirk Jackson http://pageofwords.com/blog/CommentView,guid,71a380b8-fcef-4f01-afa5-5ea542948c18.aspx http://pageofwords.com/blog/SyndicationService.asmx/GetEntryCommentsRss?guid=71a380b8-fcef-4f01-afa5-5ea542948c18 I presented at the NZ SharePoint conference yesterday. It was a pretty impressive event - kudos to Debbie and the organising team.

My talk was split into two parts: what are some of the risks in running a SharePoint site; and how can you protect against them.

The risks I covered were cross-site scripting and malicious file uploads - MIME sniffing in IE, the recent MHTML attack and the ever-present risk of malicious PDF documents. The key takeaway is that any file uploaded could be malicious, and to think of how to mitigate those risks.

In the 'protection' section, I covered some SharePoint development best practices and stepped through SharePoint specifics on how to protect against XSS and CSRF. SharePoint has some pretty good protections built in the box, but if we're building our own web-parts we need to be vigilant.

The presentation should shortly be available from the conference website, with a video in a month or so. If you've got any questions please feel free to email me or get in touch.

2011-03-17-NZSPC-KirkJackson.pdf (2.9 MB)

Cheers,

Kirk
http://pageofwords.com/blog/PermaLink,guid,71a380b8-fcef-4f01-afa5-5ea542948c18.aspx http://pageofwords.com/blog/2011/03/17/SharePointConferenceNZIsYourSharePointUnderThreat.aspx Thu, 17 Mar 2011 22:42:33 GMT I presented at the <a href="http://www.sharepointconference.co.nz/nz2011/">NZ SharePoint conference</a> yesterday. It was a pretty impressive event - kudos to Debbie and the organising team.<br> <br> My talk was split into two parts: what are some of the risks in running a SharePoint site; and how can you protect against them.<br> <br> The risks I covered were cross-site scripting and malicious file uploads - MIME sniffing in IE, the recent MHTML attack and the ever-present risk of malicious PDF documents. The key takeaway is that any file uploaded could be malicious, and to think of how to mitigate those risks.<br> <br> In the 'protection' section, I covered some SharePoint development best practices and stepped through SharePoint specifics on how to protect against XSS and CSRF. SharePoint has some pretty good protections built in the box, but if we're building our own web-parts we need to be vigilant.<br> <br> The presentation should shortly be available from the conference website, with a video in a month or so. If you've got any questions please feel free to email me or get in touch.<br> <p> </p> <a href="http://pageofwords.com/blog/content/binary/2011-03-17-NZSPC-KirkJackson.pdf">2011-03-17-NZSPC-KirkJackson.pdf (2.9 MB)</a> <br> <br> Cheers,<br> <br> Kirk<br> <img width="0" height="0" src="http://pageofwords.com/blog/aggbug.ashx?id=71a380b8-fcef-4f01-afa5-5ea542948c18" /> http://pageofwords.com/blog/CommentView,guid,71a380b8-fcef-4f01-afa5-5ea542948c18.aspx Security;SharePoint