The second day at #ESPC14 went by, and it was full of great sessions, talks, knowledge sharing and discussions. Let me write a few lines about each session.
Keynote 2: Make Social Successful by Mark Kashman and Christian Buckley
Office Graph is about me and the connections to my work, documents and colleagues. It connects us the way we expect from social software. Personally, it reminds me a little of Google Circles as well as IBM Lotus NextMail.
Office Graph shows you the relevance of the people you are working with.
I would like to use Office Graph. You should not get a feeling of being watched or controlled, but rather see it as a way to get your relevant information fast and get your work done.
Session: Think you can hack SharePoint by Liam Cleary
Liam gave a really good session about security issues. First he mentioned the "script kiddie" habit, which almost everybody has fallen into already: taking a script from the internet that you did not write and using it in a production environment. You should not blame the author if it does not work or breaks something. It only shows that you did not test it enough.
There are some security issues you should care about, especially if you use SharePoint in Internet-facing scenarios. Here are some examples:
- /_layouts/ pages such as viewlsts.aspx are available
- /_vti_bin/: some functions do not require authentication
- /_vti_bin/spdisco.aspx
- /_layouts/userdisp.aspx?Force=true&ID=1
- Third-party tools: did you ask the vendor whether they are secure? Often they might be a security gap
- Fiddler is a great hacking tool
- It’s possible to download files from SP with the command wget…
“Do not leave the front door open” of your SharePoint.
He mentioned Nmap, which can be used to access Central Administration, services and web service endpoints.
Keep in mind SharePoint is a website.
What you can do:
- Page lockdown
- Comply with compliance
- Understand SP = SQL
- Keep patches up to date
- Pentest your SharePoint
The important thing is to know that you should pay attention to this topic.
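As an added example (not from the session or the original post), a check that scans IIS W3C logs for requests under the /_layouts/ and /_vti_bin/ paths listed above that were served without authentication. The log lines are constructed, and the field layout is an assumption read from the log's own `#Fields:` header.

```python
import collections

# Prefixes from the list above; compared in lower case because IIS paths are case-insensitive.
WATCHED_PREFIXES = ("/_layouts/", "/_vti_bin/")

# Constructed sample log (documentation IP ranges, hypothetical CONTOSO user).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2014-05-07 09:12:01 GET /_layouts/15/viewlsts.aspx - - 203.0.113.7 200
2014-05-07 09:12:03 GET /_vti_bin/spdisco.aspx - - 203.0.113.7 200
2014-05-07 09:12:04 GET /_layouts/15/userdisp.aspx Force=true&ID=1 - 203.0.113.7 401
2014-05-07 09:13:10 GET /_layouts/15/viewlsts.aspx - CONTOSO\\alice 198.51.100.4 200
2014-05-07 09:14:22 GET /Pages/default.aspx - - 203.0.113.7 200
2014-05-07 09:15:00 GET /_vti_bin/spdisco.aspx - - 203.0.113.7 200
""".splitlines()

def anonymous_hits(log_lines):
    """Yield (client_ip, path) for requests under a watched prefix that were
    answered with HTTP 200 while cs-username was '-' (no authenticated user)."""
    fields = []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                           # malformed or truncated row
        row = dict(zip(fields, values))
        path = row.get("cs-uri-stem", "").lower()
        # Substring match so site-relative URLs (/sites/x/_layouts/...) are caught too.
        watched = any(prefix in path for prefix in WATCHED_PREFIXES)
        if watched and row.get("cs-username") == "-" and row.get("sc-status") == "200":
            yield row.get("c-ip", "?"), path

def summarize(log_lines):
    """Return [((client_ip, path), count), ...], most frequent first."""
    return collections.Counter(anonymous_hits(log_lines)).most_common()

if __name__ == "__main__":
    for (ip, path), count in summarize(SAMPLE_LOG):
        print(f"{count:3d}  {ip:15s}  {path}")
```

The 401 row and the authenticated row are ignored on purpose: only a 200 with no user name means the page was handed out to an anonymous caller.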
Session: What’s new in SharePoint 2013 SP1 by Nikos Anagnostou
SP1 provides the following new features:
- Yammer Integration
- OneDrive for Business Integration
- JSON Light script (to communicate from SP to apps)
- Windows Server 2012 R2 Support
Session: How to keep the Solution for the SP Online on Premise “Cloud ready” by Marek Czarzbon
In a real-life scenario at a bank, they faced challenges in the cloud with:
- Backup of data
- Auditing data center
- Cryptography
They developed a solution to provision an intranet using the app model. Marek describes the steps they took to complete it.
Interesting points:
Forms:
PDF Share Forms: a solution that makes it possible to build, deploy and use PDF-based forms in SharePoint. Should have a look at PDFshareforms.com.
Nintex Forms also provides a solution for Office 365 and on-premises that lets end users design list forms and also design forms as content types for SharePoint. It has a UI similar to Nintex Workflows and offers the same possibilities as InfoPath:
- Drag and drop field controls
- Insert field controls that do not store their data in the list
- Integration of data via webservices or just SharePoint lists
- Cascading dropdowns
- Rules
- Support for custom field types
AvePoint
AvePoint has several products for Administration, Migration, Compliance, Backup and Archiving. These are suites that can be bought, but single modules from them are also available. The connector and replicator modules are my favorites. But I would recommend reading the details on their page.
Summary of day 2:
Great sessions again. My personal highlight was the session about hacking SharePoint. It’s always important to pay attention to security, regardless of which platform you choose. People are creative in gaining information and access that they should not have.