European SharePoint Conference 2014 (#ESPC14 Barcelona) Day 2 Summary

The second day at #ESPC14 went by, and it was full of great sessions, talks, discussions and knowledge sharing. Let me write a few lines about each session.

Keynote 2: Make Social Successful by Mark Kashman and Christian Buckley

Office Graph is about me and myself and the connections to my work, documents and colleagues. It connects us the way we expect from social software. Personally, it reminds me a little of Google circles as well as IBM Lotus NextMail.

Office Graph shows you the relevance of the people you’re working with.

I would like to use Office Graph; you should not get a feeling of being watched or controlled, but rather see it as a way to get your relevant information fast and get your work done.

Session: Think you can hack SharePoint by Liam Cleary

Liam gave a really good session about security issues. First he mentioned being a "script kiddie", which almost everybody has already done. It means taking a script from the internet which you did not write and using it in a production environment. You should not blame the author if it does not work or breaks something. It only shows that you did not test it enough.

There are some security issues you should care about, especially if you use SharePoint in Internet-facing scenarios. Here are some examples:

  • /_layouts/ pages are available like viewlsts.aspx
  • /_vti_bin/ some functions do not require authentication
  • /_vti_bin/spdisco.aspx
  • /_layouts/userdisp.aspx?Force=true&ID=1
  • 3rd Party Tools: Did you ask them if it is secure? Often it might be a security gap
  • Fiddler is a great hacking tool
  • It’s possible to download files from SP with the command wget…

“Do not leave the front door open” of your SharePoint.

He mentioned Nmap, which can be used to access Central Administration, services and web service endpoints.

Keep in mind SharePoint is a website.

What you can do:

  • Page lockdown
  • Comply with compliance
  • Understand SP = SQL
  • Keep patches up to date
  • Pentest your SharePoint

But the important thing is to know that you should pay attention to this topic.
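A defender-side check for the pages listed above, added here as an example and not taken from the session or the original post: it reads IIS W3C log lines and reports requests for those pages that were served without a login, which is one way to see whether page lockdown is doing its job. The sample log is constructed, and the function names are assumptions.

```python
import re
from collections import Counter

# Pages named in the list above; "15/" is the SharePoint 2013 layouts folder.
WATCHED = re.compile(
    r"/_layouts/(?:15/)?(?:viewlsts|userdisp)\.aspx$|/_vti_bin/", re.IGNORECASE)

# Constructed IIS W3C log lines (documentation IP ranges, made-up account).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2014-05-07 09:12:01 GET /_layouts/15/viewlsts.aspx - - 203.0.113.7 200
2014-05-07 09:12:03 GET /sites/hr/_vti_bin/spdisco.aspx - - 203.0.113.7 200
2014-05-07 09:12:05 GET /_layouts/15/userdisp.aspx Force=true&ID=1 - 203.0.113.7 401
2014-05-07 09:13:40 GET /_layouts/15/userdisp.aspx Force=true&ID=1 CONTOSO\\jdoe 198.51.100.20 200
2014-05-07 09:14:10 GET /Pages/default.aspx - - 198.51.100.9 200
2014-05-07 09:14:12 GET /_layouts/userdisp.aspx Force=true&ID=1 - 198.51.100.9 200
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # IIS may rewrite the header mid-file
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def anonymous_hits(text):
    """Return (client ip, path, query) for watched pages served without a login."""
    hits = []
    for row in parse_w3c(text):
        anonymous = row.get("cs-username", "-") == "-"
        served = row.get("sc-status", "").startswith("2")  # 401/403 means it was blocked
        if anonymous and served and WATCHED.search(row.get("cs-uri-stem", "")):
            hits.append((row.get("c-ip"), row["cs-uri-stem"], row.get("cs-uri-query")))
    return hits


def hits_per_client(text):
    """Count anonymous hits per client address to spot systematic probing."""
    return Counter(ip for ip, _, _ in anonymous_hits(text))


if __name__ == "__main__":
    for ip, stem, query in anonymous_hits(SAMPLE_LOG):
        print(f"served anonymously: {ip} {stem} ?{query}")
    print(dict(hits_per_client(SAMPLE_LOG)))
```

An anonymous request that ends in 401 is just the normal authentication challenge, so only 2xx responses are reported.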

 

Session: What’s new in SharePoint 2013 SP1 by Nikos Anagnostou

SP1 provides the following new features:

  • Yammer Integration
  • OneDrive for Business Integration
  • JSON Light script (to communicate from SP to apps)
  • Windows Server 2012 R2 Support

Session: How to keep the Solution for the SP Online on Premise “Cloud ready” by Marek Czarzbon

In a real-life scenario at a bank, they faced challenges in the cloud with:

  • Backup of data
  • Auditing data center
  • Cryptography

They developed a solution to provision an intranet using the app model. Marek describes the steps they took to complete it.

 

Interesting points:

Forms:

PDF Share Forms – a solution which makes it possible to build, deploy and use forms based on PDF in SharePoint. You should have a look at PDFshareforms.com

Nintex Forms also provides a solution for Office 365 and on-premises which makes it possible for end users to design list forms and also design forms as content types for SharePoint. It has a UI similar to Nintex Workflows and provides every possibility InfoPath does:

  • Drag & drop field controls
  • Insert field controls which do not store their data in the list
  • Integration of data via webservices or just SharePoint lists
  • Cascading dropdowns
  • Rules
  • Support for custom field types

Avepoint

Avepoint has several products for Administration, Migration, Compliance, Backup and Archiving. These are suites which can be bought, but single modules out of them are also available. The connector and replicator modules are my favorites. But I would recommend reading the details on their page.

Summary of day 2:

Great sessions again. My personal highlight was the session about hacking SharePoint. It’s always important to pay attention to security regardless of which platform you choose. People are creative in gaining information and access which they should not have.

The article or information provided here represents completely my own personal view & thought. It is recommended to test the content or scripts of the site in the lab, before making use in the production environment & use it completely at your own risk. The articles, scripts, suggestions or tricks published on the site are provided AS-IS with no warranties or guarantees and confers no rights.

About Karsten Schneider 312 Articles
Consultant for Microsoft 365 Applications with a strong focus on Teams, SharePoint Online, OneDrive for Business as well as Power Platform with PowerApps, Flow and Power BI. I provide workshops for Governance & Security in Office 365 and Development of Solutions in the area of Collaboration and Teamwork based on Microsoft 365 and Azure Cloud Solutions. In his free time he tries to collect tips and worthwhile experience in this blog.
