Category:OWASP .NET Project

Welcome to the OWASP .Net Project. These pages are still in 'very alpha' format since we are still importing content (check out To Do on Owasp .Net Project Pages if you want to help out)

{|
 * valign="top" |

Latest

 * Nov 2007: Uploaded test scripts from OWASP training in San Jose download here
 * Jun 2007: Created stub pages for Microsoft's SliverLight, Abobe's AIR, Microsoft's WSS and Apple's iPhone
 * Jun 2007: DN_BOFinder Uploaded latest version to Sourceforge and updated WIKI page
 * Feb 2007: Added info about the new tool: DotNet Buffer Overflow Finder DN_BOFinder
 * 14th September: Added stub page Source Code Audit Tools
 * 31st August: OWASP Autumn Of Code 2006,  Today we are lauching a new project called "OWASP Autumn of Code 2006" which will sponsor individuals to work on existing OWASP Projects.
 * 31st August: Dinis Cruz video interview, Dinis talks about .NET security, the future of OWASP, and the brand new Autumn of Code project.
 * 14 August: Finished adding in the to the pages - Mike de Libero
 * 29 July: New finding Full Trust CLR Verification issue: changing the return address order
 * 28 July: Added new tool .Net Assembly Analyzer
 * 27 July: New Layout for home page
 * 25 July: Made tons of changes to lots of pages (from new content, to images, etc...)
 * 20 July: Owasp Report Generator page with links for download
 * Uploaded latest version of Owasp SiteGenerator(including the source code) to SourceForge and updated the links in Owasp SiteGenerator
 * 11 July: Microsoft Security Bulletin July 2006-Vulnerabilities in IIS and ASP.Net
 * 11 July: We have started to upload the OWASP .Net Projects to SourceForge dotNET section. SiteGenerator is up there and more will follow.

Unless marked, the above entries were posted by Dinis.cruz


 * valign="top" |

Current Projects

 * Owasp SiteGenerator (sponsored by Foundstone)
 * Owasp Report Generator
 * ANBS (Asp.Net Baseline Security) - includes the tools SAM'SHE (Security Analyzer for Microsoft's Shared Hosting Environments) and Online IIS Metabase Explorer
 * ASP.NET Reflector
 * ANSA (Asp.Net Security Analyzer) - first tool developed by Dinis Cruz that hilights the security problems of Full Trust Asp.Net code (contains Proof of Concept tests (i.e. exploits))
 * DefApp - Partial port of ModSecurity to the .Net Platform
 * Owasp FOSBBWAS (code name Beretta)
 * .Net Assembly Analyzer
 * OWASP Tiger

Related Foundstone Open source projects
 * Hacme Bank (Foundstone tool)
 * .NetMon (Foundstone tool)
 * Validator.NET (Foundstone tool)

Note: All releases are available on the dotNET section of the SourceForge OWASP Project pages


 * valign="top" |
 * valign="top" |

.Net Security

 * .Net Full Trust (A discussion on the security implications of running .NET applications using the default Full Trust security model)
 * .Net Type Safety
 * .Net Framework Security Issues
 * Rooting The CLR


 * valign="top" |

Other misc stuff

 * London Chapter WAF event
 * Security Podcasts
 * CVS details for Editors
 * Wiki Edit Tips
 * Code Samples
 * .Net Code Sample - Reflecting assembly with missing dependency
 * Files_Xml_WindowsMessages (with serialization stuff)
 * .Net Research Links
 * .Net Security Tools
 * Richard Crypto .Net Stuff
 * 2006 Autumn Of Code
 * OWASP .Net Project Roadmap
 * .NET Project ReOrg Alpha
 * }

Mailing List
We have a mailing list at Sourceforge which we use to discuss relevant issue to .Net security (see How to join Owasp.Net Mailing List)