OWASP .NET Active Projects

OWASP Projects
Note: While these projects are labeled as Active, a more accurate label might be Available. Few of them are actively developed either because the project has run its cource, or the tool does its job and no further development is needed. Note: The following releases are available on the dotNET section of the SourceForge OWASP Project pages


 * ANBS (Asp.Net Baseline Security) - includes the tools SAM'SHE (Security Analyzer for Microsoft's Shared Hosting Environments) and Online IIS Metabase Explorer
 * ASP.NET Reflector
 * ANSA (Asp.Net Security Analyzer) - first tool developed by Dinis Cruz that hilights the security problems of Full Trust Asp.Net code (contains Proof of Concept tests (i.e. exploits))
 * DefApp - Partial port of ModSecurity to the .Net Platform
 * Owasp FOSBBWAS (code name Beretta)
 * .Net Assembly Analyzer
 * .Net CSRF Guard

These are inactive OWASP .NET projects. They have value. If you are interested in working on one of them, please join the mailing list and mention that you are interested in contribution.
 * Owasp SiteGenerator (sponsored by Foundstone)
 * Owasp Report Generator
 * OWASP Tiger

The following OWASP projects are hosted on other project hosting sites:


 * OWASP ESAPI .NET

Active Project Workspaces

 * FXCop Ruleset
 * Sprajax
 * CSSpider

Related Open Source Projects

 * Hacme Bank (Foundstone tool)
 * .NetMon (Foundstone tool)
 * Validator.NET (Foundstone tool)

Source Code Repositories
Any repository that allows public access and has terms of service that holds no claim on the content that our members upload is generally okay, although GitHub is currently preferred. The following repositories are popular among the members:


 * OWASP @ GitHub
 * OWASP @ Codeplex
 * OWASP @ Google Code
 * OWASP @ SourceForge

Starting your own .NET Project
If you're interested in starting your own project, please read How to Start an OWASP Project. Remember to add the tag: to the end of new projects so that they're properly categorized.