Securing SharePoint Hosted Apps – Best Practices

Protecting SharePoint Apps from Threats

SharePoint apps provide powerful capabilities to extend SharePoint functionality and customize sites to meet business needs. However, apps also introduce security risks if not properly secured. Threats to SharePoint apps include:

  • Elevation of privilege attacks to gain unauthorized access
  • Injection attacks such as SQL injection and cross-site scripting
  • Disclosure of sensitive information stored in apps
  • Code vulnerabilities that could allow remote code execution
  • Denial-of-service attacks on app resources

Implementing security best practices is crucial for protecting against these threats. Key areas to focus on include proper app authentication and authorization, securing app code, app deployment safeguards, and following SharePoint security guidelines.

Configuring App Authentication and Authorization

Carefully configuring authentication and authorization is essential to prevent elevation of privilege attacks against SharePoint apps. Tactics include:

Using App-Only Permissions for Limited Access

Grant each SharePoint app only the specific permissions it requires, using app-only permission scopes. Avoid giving apps broad access to the entire SharePoint tenant, as this increases exposure if that app is compromised. Define app permissions to match their intended purpose.

Setting App Permission Request Policies

Configure policies in Azure Active Directory to govern permission approval for apps requesting access to SharePoint resources. Set policies to automatically deny overly broad permission requests, and require manual approval for sensitive permission scopes. This enables oversight of app access.

Enabling OAuth Authorization

Use OAuth 2.0 authorization flows to let users approve app access to their SharePoint resources without exposing their credentials to the app. This protects user identities and avoids storing passwords. Validate access tokens on the server side so that every request is verified as authorized before it is acted on.

Securing App Code

App code vulnerabilities can enable attackers to exploit apps for malicious purposes. Prioritize these app code security measures:

Input Validation and Sanitization

Validate and sanitize all input from users and external sources before processing it, to prevent code injection attacks. Define validation rules for expected types, lengths, formats and ranges. Escape, encode or remove potentially malicious input sequences.
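One way to express those type, length, format and range rules in code, as an added example that is not from the original article. The field names and rules are constructed for a hypothetical list-item form; the approach is to declare the rules once, parse integers strictly, and reject any field the app did not define.

```javascript
// Added example (not from the original article): declarative input validation
// for the fields a SharePoint app accepts. Field names and rules are constructed.
const RULES = {
  title:    { type: 'string', minLength: 1, maxLength: 255,
              pattern: /^[\p{L}\p{N} .,_()\-]+$/u },            // no markup characters
  quantity: { type: 'integer', min: 1, max: 10000 },
  dueDate:  { type: 'string', pattern: /^\d{4}-\d{2}-\d{2}$/ },
  email:    { type: 'string', maxLength: 254, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  notes:    { type: 'string', maxLength: 2000, required: false },
};

function validateField(name, rule, raw) {
  const missing = raw === undefined || raw === null || raw === '';
  if (missing) {
    return rule.required === false ? { ok: true, value: undefined }
                                   : { ok: false, error: `${name}: required` };
  }
  if (rule.type === 'integer') {
    // Strict parse: "12abc" and "1e3" are rejected, unlike parseInt/Number.
    const text = String(raw).trim();
    if (!/^-?\d{1,15}$/.test(text)) return { ok: false, error: `${name}: not an integer` };
    const n = Number(text);
    if (rule.min !== undefined && n < rule.min) return { ok: false, error: `${name}: below minimum ${rule.min}` };
    if (rule.max !== undefined && n > rule.max) return { ok: false, error: `${name}: above maximum ${rule.max}` };
    return { ok: true, value: n };
  }
  if (rule.type === 'string') {
    if (typeof raw !== 'string') return { ok: false, error: `${name}: must be a string` };
    const s = raw.trim();
    if (rule.minLength !== undefined && s.length < rule.minLength) return { ok: false, error: `${name}: too short` };
    if (rule.maxLength !== undefined && s.length > rule.maxLength) return { ok: false, error: `${name}: too long` };
    if (rule.pattern && !rule.pattern.test(s)) return { ok: false, error: `${name}: invalid format` };
    return { ok: true, value: s };
  }
  return { ok: false, error: `${name}: unknown rule type` };
}

// Validates a whole request body. Unknown fields are rejected rather than
// ignored, so a caller cannot smuggle in properties the app never defined.
function validateInput(input, rules = RULES) {
  if (!input || typeof input !== 'object' || Array.isArray(input)) {
    return { ok: false, errors: ['body: must be an object'] };
  }
  const errors = [];
  const value = {};
  for (const [name, rule] of Object.entries(rules)) {
    const r = validateField(name, rule, input[name]);
    if (!r.ok) errors.push(r.error);
    else if (r.value !== undefined) value[name] = r.value;
  }
  for (const extra of Object.keys(input)) {
    if (!Object.prototype.hasOwnProperty.call(rules, extra)) errors.push(`${extra}: unexpected field`);
  }
  return errors.length ? { ok: false, errors } : { ok: true, value };
}
```

The function returns the cleaned, typed values rather than the raw input, so downstream code works only with data that passed the rules.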

Parameterized Queries to Prevent SQL Injection

Use parameterized queries and stored procedures for all database and SharePoint queries originating from the app code. Parameterization embeds user input securely as parameters rather than injectable raw query text. This counters SQL injection risks.

Encoding User-Supplied Output

Encode any user-supplied input before outputting it to prevent cross-site scripting vulnerabilities from being introduced. Encode for the context in which values are rendered – HTML encode for HTML contexts, JavaScript encode for script contexts, and so on.
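The contextual encoders described above, as an added example that is not from the original article. It also serves the parameterized-queries point above for the SharePoint-specific case: CAML queries are sent as XML text and have no bind parameters, so the nearest equivalent is placing the value as an escaped XML text node. The list and field names are constructed; the raw-concatenation function is kept only to contrast with the encoded versions.

```javascript
// Added example (not from the original article): context-specific output
// encoders and the places a SharePoint app would use them. The CAML query
// shape is standard; the field and value names are constructed.
const HTML_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
const XML_MAP  = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };

// HTML text and quoted-attribute context.
function encodeForHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (c) => HTML_MAP[c]);
}

// JavaScript string-literal context: everything outside [A-Za-z0-9] becomes
// \xHH or \uHHHH, so the value cannot close the quote or the script element.
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 256 ? '\\x' + code.toString(16).padStart(2, '0')
                      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// XML text-node context, used for CAML <Value> elements.
function encodeForXml(value) {
  return String(value).replace(/[&<>"']/g, (c) => XML_MAP[c]);
}

// Anti-pattern kept for contrast: raw concatenation into markup.
function renderTitleUnsafe(title) {
  return `<div class="title">${title}</div>`;
}

function renderTitle(title) {
  return `<div class="title">${encodeForHtml(title)}</div>`;
}

function renderInlineScript(title) {
  return `<script>var itemTitle = '${encodeForJsString(title)}';</script>`;
}

// CAML has no bind parameters, so the closest thing to a parameterized query
// is an escaped XML text node: the value can never add or close elements.
function buildCamlTitleQuery(title) {
  return '<View><Query><Where><Eq>' +
         "<FieldRef Name='Title'/>" +
         `<Value Type='Text'>${encodeForXml(title)}</Value>` +
         '</Eq></Where></Query></View>';
}
```

Each encoder is chosen by where the value lands, not by what the value looks like; the same title string passes through a different encoder for the HTML card, the inline script and the CAML query.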

Using Cryptography for Sensitive Data

Encrypt sensitive information stored and processed within SharePoint apps using the cryptography APIs built into the development platform. Keep the encryption keys in Azure Key Vault rather than in app code or configuration. This safeguards confidential data at rest and in transit.

App Deployment Safeguards

Exercise caution when deploying apps to production to avoid introducing vulnerabilities:

Scanning Apps for Vulnerabilities

Perform static and dynamic vulnerability scans against SharePoint apps prior to deployment to uncover risks. Remediate findings such as input validation issues, XXE flaws and insecure deserialization. Scan deployed apps periodically for new threats.

Running Apps in Isolated Environments

Host SharePoint apps in isolated app domains and application pools to limit the impact if one is compromised. Place high-risk apps on separate virtual machines. Define contingency plans to disable or deactivate risky apps if suspicious activity emerges.

Monitoring App Resource Usage

Actively monitor app resource consumption such as CPU, memory, storage and network usage. Set alerts for unusual spikes that could signal denial-of-service conditions or other threats. Fine-tune app resource limits as required.

Managing App Lifecycles and Versions

Manage SharePoint apps deliberately through the development, test and production stages. Restrict the ability to publish app changes. Retire outdated app versions with known issues. This reduces the attack surface and risk exposure from active apps.

Following SharePoint Security Guidelines

Supplementary SharePoint platform security capabilities also help protect apps:

Understanding SharePoint Security Layers

Apply defense in depth with SharePoint security layers such as identity management, access controls, infrastructure hardening and logging. Combine policies, software controls and user education so that the layers reinforce each other.

Enabling Auditing and Logging

Record key app events such as permission changes, user access grants and admin actions for accountability. Log app errors, performance problems and anomalies to enable incident investigation. Forward logs to a SIEM for correlation.

Performing Penetration Testing

Conduct controlled penetration tests against SharePoint deployments, including apps, annually, using experienced testers and standard methodologies. Uncover gaps through ethical hacking simulations to harden defenses.

Protecting SharePoint apps presents unique security challenges given their privileged position within the platform and the code they execute remotely. Adopting these SharePoint hosted app security best practices as a baseline substantially reduces risk as part of a defense-in-depth approach.
