Domino Security
When doing a web app review of some apps deployed on Domino servers, I came to the conclusion that there was very little good information on Domino for the security professional, so I set about to fix that. There is a paper and presentation given at OWASP's AppSec DC 2010. In the long run I'd like to make this a repository for Domino security information, and will try to keep it up to date.
Useful Data
View names used in the Domino help files.
Special Identifiers and other special commands in Lotus Domino.
Presentation at AppsecDC 2010
slides: ppt | pdf
video of presentation (will be available from appsec in the near future and noted here at that time).
Appsec page on talk.
External Resources
Hackproofing Lotus Domino Server, an article by David Litchfield from 2001, aimed at the security auditor.
Lotus Domino Security, a whitepaper from 2002 by ISS X-Force, also aimed at the administrator.
Lotus Security Handbook, an IBM Redbook from 2004. It covers mostly general security principles and only covers Domino incidentally at the end. Its intended audience seems to be a Domino admin, network admin, or network architect working with Domino.
Securing a Lotus Domino Server, an article from 2005 by IBM, aimed at the administrator.
Tools
Please note that this is not an endorsement of any of the tools listed below. In fact, I have not even used most of them; I'm simply listing them as a resource.
TeamStudio Build Manager 2
DominoScan II
App Detective Pro
Power Tools