OWASP .NET Recommended Resources

Areas of Concern

 * Getting Started


 * Tutorials


 * Best Practices


 * OWASP Guidance and Tools

Advisories, Articles & Projects
Security and Operational Guidance for .NET Applications

ASP.NET Security Architecture

patterns & practices Security Engineering Index

patterns & practices Security Guidance for Applications Index

patterns & practices Security Guidance for .NET Framework 2.0

Authentication in ASP.NET: .NET Security Guidance

Security Engineering

Solutions to SOA Security

Web Service Specifications

Security Guidance for Windows Communication Foundation

Microsoft Security Advisory (954462) (SQL Injection Advisory)

Online References
Patterns and Practices

Patterns and Practices Security Wiki

MSDN Security Developer Center

Microsoft Security Resources

Books and Publications
Writing Secure Code, Michael Howard and David LeBlanc

Microsoft Security Development Lifecycle 3.2

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication, J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy

Improving Web Application Security: Threats and Countermeasures, J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Developer Highway Code, Microsoft Corp, United Kingdom

Tools
Microsoft Threat Analysis & Modeling v2.1.2

Patterns and Practices Guidance Explorer

Security Code Review Checklist Generator

Anti-Cross Site Scripting

URLScan

Microsoft Source Code Analyzer

Scrawlr

MS Source Code Analyser for SQL Injection

Blogs & People
Mark Curphrey's Blog

Michael Howard's Blog

J.D. Meier's Blog

Dominick Baier's Blog

Shawn Farkas' Blog

Microsoft's ACE Team