Difference between revisions of "Category:OWASP .NET Project"

From OWASP
Jump to: navigation, search
(Current Projects)
Line 1: Line 1:
Welcome to the OWASP .Net Project. These pages are still in 'very alpha' format since we are still importing content (check out '''[[To Do on Owasp .Net Project Pages]]''' if you want to help out)
+
==About==
 +
The OWASP .NET Project contains content related to securing .NET applications and services.
  
{|
 
| valign="top" |
 
 
== Latest ==
 
* Nov 2007: Uploaded test scripts from OWASP training in San Jose [https://www.owasp.org/images/7/7d/Fetch_Web_Page_%28from_OWASP_training_in_San_Jose%29.zip download here]
 
* Jun 2007: Created stub pages for Microsoft's [[SliverLight]], Abobe's [[AIR]], Microsoft's [[WSS]] and Apple's [[iPhone]]
 
* Jun 2007: [[DN_BOFinder]] Uploaded latest version to Sourceforge and updated WIKI page
 
* Feb 2007: Added info about the new tool: DotNet Buffer Overflow Finder [[DN_BOFinder]]
 
* 14th September: Added stub page [[Source Code Audit Tools]]
 
* 31st August: [[OWASP Autumn Of Code 2006 : Press Release | OWASP Autumn Of Code 2006]],  Today we are lauching a new project called "OWASP Autumn of Code 2006" which will sponsor individuals to work on existing OWASP Projects.
 
* 31st August: [http://video.google.com/videoplay?docid=941077664562737284 Dinis Cruz video interview], Dinis talks about .NET security, the future of OWASP, and the brand new [[Autumn of Code]] project.
 
* 14 August: Finished adding in the <nowiki> {{Template:Stub}} </nowiki> to the pages - Mike de Libero
 
* 29 July: New finding [[Full Trust CLR Verification issue: changing the return address order]]
 
* 28 July: Added new tool [[.Net Assembly Analyzer]]
 
* 27 July: New Layout for home page
 
* 25 July: Made tons of changes to lots of pages (from new content, to images, etc...)
 
* 20 July: [[Owasp Report Generator]] page with links for download
 
* Uploaded latest version of [[Owasp SiteGenerator]](including the source code) to SourceForge and updated the links in [[Owasp SiteGenerator]]
 
* 11 July: [[Microsoft Security Bulletin July 2006-Vulnerabilities in IIS and ASP.Net]]
 
* 11 July: We have started to upload the OWASP .Net Projects to [https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=105632 SourceForge dotNET section]. SiteGenerator is up there and more will follow.
 
  
Unless marked, the above entries were posted by [[User:Dinis.cruz|Dinis.cruz]]  
+
==.NET Project Overview==
 +
{| align="right" class="wikitable"
 +
|-
 +
! OWASP Project Quick Reference
 +
|-
 +
|
 +
*[[OWASP Top 10 Project]]<br />
 +
*[[OWASP Testing Guide]]<br />
 +
*[[.Net Assembly Analyzer]]<br />
 +
*[[OWASP WebGoat Project]]<br />
 +
*[[OWASP WebScarab Project]]
 +
*[http://code.google.com/p/owasp-net-content/  OWASP .NET Content Project]
 +
|-
 +
|}
  
| valign="top" |
+
'''Purpose'''
  
[[Category:OWASP Project]]
+
The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services.  The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.
  
== Current Projects ==
+
Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]].  There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!
* [[Owasp SiteGenerator]] (sponsored by Foundstone)
+
* [[Owasp Report Generator]]
+
* [[ANBS]] (Asp.Net Baseline Security) - includes the tools [[SAM'SHE]] (Security Analyzer for Microsoft's Shared Hosting Environments) and [[Online IIS Metabase Explorer]]
+
* [[ASP.NET Reflector]]
+
* [[ANSA]] (Asp.Net Security Analyzer) - first tool developed by Dinis Cruz that hilights the security problems of Full Trust Asp.Net code (contains Proof of Concept tests (i.e. exploits))
+
* [[DefApp]] - Partial port of ModSecurity to the .Net Platform
+
* [[Owasp FOSBBWAS (code name Beretta)]]
+
* [[.Net Assembly Analyzer]]
+
* [[OWASP_Tiger|OWASP Tiger]]
+
  
'''Related Foundstone Open source projects'''
+
'''Goals'''
* [[Hacme Bank]] (Foundstone tool)
+
* [[.NetMon]] (Foundstone tool)
+
* [[Validator.NET]] (Foundstone tool)
+
  
 +
*To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.
  
'''Note:''' All releases are available on the [https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=105632 dotNET section] of the [https://sourceforge.net/projects/owasp/ SourceForge OWASP Project pages]
+
*To organize content specific to OWASP projects that can be used or referenced for .NET security.
  
|-
+
*To reach out and bring in content from the open source community to protect users of .NET web applications and services.
| valign="top" |
+
  
== .Net Security ==
+
'''Content'''
* [[.Net Full Trust]] (A discussion on the security implications of running .NET applications using the default Full Trust security model)
+
* [[.Net Type Safety]]
+
* [[.Net Framework Security Issues]]
+
* [[Rooting The CLR]]
+
  
| valign="top" |
+
The following sections include content that can be useful for a specific role in securing .NET web applications and services:
  
== Other misc stuff ==
+
; [[.NET Security for Architects| .NET Security for Architects]]
* [[London Chapter WAF event]]
+
; [[.NET Security for Developers| .NET Security for Developers]]
* [[Security Podcasts]]
+
; [[.NET Security for IT Professional| .NET Security for IT Professionals]]
* [[CVS details for Editors]]
+
; [[.NET Penetration Testing| .NET Penetration Testing]]
* [[Wiki Edit Tips]]
+
; [[.NET Incident Response| .NET Incident Response]]
* '''Code Samples'''
+
** [[.Net Code Sample - Reflecting assembly with missing dependency]]
+
** [[Files_Xml_WindowsMessages]] (with serialization stuff)
+
* [[.Net Research Links]]
+
* [[.Net Security Tools]]
+
* [[Richard Crypto .Net Stuff]]
+
* [[2006 Autumn Of Code]]
+
* [[OWASP .Net Project Roadmap]]
+
* [[.NET Project ReOrg Alpha]]
+
|}
+
  
== Mailing List ==
+
For active projects:
We have a mailing list at Sourceforge which we use to discuss relevant issue to .Net security (see [[How to join Owasp.Net Mailing List]])
+
; [[OWASP .NET Active Projects]]
 +
 
 +
For emerging technology projects:
 +
; [[OWASP .NET Vulnerability Research]]
 +
 
 +
==Joining the Project==
 +
The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]
 +
* Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].
 +
* If you'd like to contribute:
 +
# visit the [[Tutorial]],
 +
# join the mailing list (see [[How to join Owasp.Net Mailing List]])
 +
# and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic
 +
# or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.
 +
 
 +
Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.
 +
 
 +
 
 +
 
 +
{| align="right" class="wikitable" width="100%"
 +
|-
 +
! OWASP .NET Project Latest
 +
|-
 +
|
 +
* April 29 2008: Added [[ASP.NET Request Validation]] wiki page
 +
* April 19 2008: Added [[OWASP .NET Vulnerability Research]] wiki page
 +
* April 9 2008: [http://www.microsoft.com/downloads/details.aspx?familyid=2412c443-27f6-4aac-9883-f55ba5b01814&displaylang=en&Hash=4fZb2FzZ7%2bmaj0VqoUbFZzzw0WW5%2bxWjK3XBVit5eX%2b%2bB90vmLtZlAstlNg9cRu6Pg%2b50DNCMhGT6ADei7DgFg%3d%3d Microsoft Security Development Lifecycle 3.2] published
 +
* March 2008:  Project ReOrg - the .NET Project section is being reorganized, see the [[OWASP .Net Project Roadmap]] for what we're doing here.
 +
* Nov 2007: Uploaded test scripts from OWASP training in San Jose [https://www.owasp.org/images/7/7d/Fetch_Web_Page_%28from_OWASP_training_in_San_Jose%29.zip download here]
 +
* Jun 2007: Created stub pages for Microsoft's [[SilverLight]], Abobe's [[AIR]], Microsoft's [[WSS]] and Apple's [[iPhone]]
 +
|-
 +
|}
  
 
[[Category:OWASP Project]]
 
[[Category:OWASP Project]]
 
[[Category:OWASP Tool]]
 
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
 
  
 
__NOTOC__
 
__NOTOC__

Revision as of 11:50, 27 May 2008

About

The OWASP .NET Project contains content related to securing .NET applications and services.


.NET Project Overview

OWASP Project Quick Reference

Purpose

The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.

Please review the vulnerabilities section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the .NET category. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!

Goals

  • To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.
  • To organize content specific to OWASP projects that can be used or referenced for .NET security.
  • To reach out and bring in content from the open source community to protect users of .NET web applications and services.

Content

The following sections include content that can be useful for a specific role in securing .NET web applications and services:

.NET Security for Architects
.NET Security for Developers
.NET Security for IT Professionals
.NET Penetration Testing
.NET Incident Response

For active projects:

OWASP .NET Active Projects

For emerging technology projects:

OWASP .NET Vulnerability Research

Joining the Project

The project's high level roadmap can be found at the OWASP .Net Project Roadmap

  • Please submit your ideas for articles, content and general feedback to the .NET Project Wishlist.
  • If you'd like to contribute:
  1. visit the Tutorial,
  2. join the mailing list (see How to join Owasp.Net Mailing List)
  3. and pick a topic from the .NET Project Wishlist or suggest a new topic
  4. or check out our active projects list, OWASP .NET Active Projects, and join one today.

Remember to add the tag: [[Category:OWASP .NET Project]] to the end of new articles so that they're properly categorized.


OWASP .NET Project Latest

Subcategories

This category has the following 2 subcategories, out of 2 total.

.

  • .NET(empty)

T

Pages in category "OWASP .NET Project"

The following 81 pages are in this category, out of 81 total.

.

2

A

A cont.

B

C

D

E

F

H

I

J

L

M

O

O cont.

P

R

S

T

U

W

Media in category "OWASP .NET Project"

The following 2 files are in this category, out of 2 total.