OWASP Autumn of Code 2006 - Projects: Owasp .Net Tools

AoC Candidate: Boris

Project Coordinator: Dinis Cruz

Project Progress: xx% Complete - Progress Page

Problem to be Addressed
The number of Web sites and applications is growing rapidly, as well as number of platforms. Microsoft's Web platform is known for its high level of developer productivity, ease of setup and administration and great integration with other, often very widespread, Microsoft products. So, the Microsoft Web platform may be very attractive to individuals and various types of organizations. However, there are still many doubts about how secure it is. Many of these doubts are not backed by specific, measurable data and tests but instead on historical (but not necessarily outdated) data and "word of mouth" type of evidence. Determining how secure an application running on Microsoft's Web platform is usually requires a lot of time and resources. There aren't many tools for testing security aspects of Microsoft's Web platform that make things easier. Even few are publicly available.

Another problem is that, due to very user-friendly tools provided in Microsoft's products, administering Web sites and applications may seem easier than it sometimes is. Many times these tasks are delegated to people who are not aware of numerous security-related problems (and sometimes not even professional IT administrators) that may occur. As a result, many Web sites and applications deployed are insecure.

Benefit to OWASP Members and Community
The deliverables of this project will (hopefully) help OWASP members and community
 * be aware of vulnerabilities and risks involved with their applications before releasing them to general public
 * determine if their applications are deployed in a less than optimal security environment
 * ease patch/hotfix management of their OS/Web server software
 * maybe even make decisions about the technology stack(s) used

Goals and Deliverables
Plan of Approach

Deliverables

Risks and Rewards
Main Risks

Rewards of Successful Project