Category:OWASP .NET Project

Welcome to the Owasp .Net Project. These pages are still in 'very alpha' format since we are still importing content (check out To Do on Owasp .Net Project Pages if you want to help out)

Latest

 * Made tons of changes to lots of pages (from new content, to images, etc...) Dinis.cruz 15:34, 25 July 2006 (EDT)
 * Owasp Report Generator page with links for download
 * Uploaded latest version of Owasp SiteGenerator(including the source code) to SourceForge and updated the links in Owasp SiteGenerator
 * Microsoft Security Bulletin July 2006-Vulnerabilities in IIS and ASP.Net
 * We have started to upload the Owasp .Net Projects to SourceForge dotNET section. SiteGenerator is up there and more will follow. (Dinis.cruz 19:11, 11 July 2006 (EDT))

Current Projects

 * Owasp SiteGenerator (sponsored by Foundstone)
 * Owasp Report Generator
 * ANBS (Asp.Net Baseline Security) - includes the tools SAM'SHE (Security Analyzer for Microsoft's Shared Hosting Environments) and Online IIS Metabase Explorer
 * ASP.NET Reflector
 * ANSA (Asp.Net Security Analyzer) - first tool developed by Dinis Cruz that hilights the security problems of Full Trust Asp.Net code (contains Proof of Concept tests (i.e. exploits))
 * DefApp - Partial port of ModSecurity to the .Net Platform
 * Owasp FOSBBWAS (code name Beretta)

Related Foundstone Open souce projects
 * Hacme Bank (Foundstone tool)
 * .NetMon (Foundstone tool)
 * Validator.NET (Foundstone tool)

Note: All releases are available on the dotNET section of the SourceForge Owasp Project pages

.Net Security

 * .Net Full Trust (the execution environment that makes an Asp.Net Application Insecure by Default, by Design and in Deployment)
 * .Net Type Safety
 * .Net Framework Security Issues
 * Rooting The CLR
 * Microsoft must deliver secure environments not tools to write secure code

Other misc stuff

 * London Chapter WAF event
 * Security Podcasts
 * CVS details for Editors
 * Wiki Edit Tips
 * Code Samples
 * Files_Xml_WindowsMessages (with serialization stuff)
 * .Net Research Links
 * .Net Security Tools
 * Richard Crypto .Net Stuff
 * An 'Asp.Net' accident waiting to happen

Mailing List
We have a mailing list at Sourceforge which we use to discuss relevant issue to .Net security (see How to join Owasp.Net Mailing List)