- No Anonymous access
- Use SSL
- Use Claim based or Form Based authentication
- Use Unqiue permissions
- Use groups to manage the permissions
- make sure all authenticated user group not added any where
- enable the auditing on the Site
- make sure your sharePoint farm is upto date for security vulnerabilities(MSFT release every month).
- reduce the number of site collections admins.
10. the best way to test for everything is to do unit testing, and test every possible combination of possible vulnerabilities you can think of. You can either script this, or do it manually.
