Difference between revisions of "Category:OWASP .NET Project"

From OWASP
Jump to: navigation, search
(Current Projects)
Line 1: Line 1:
Welcome to the OWASP .Net Project. These pages are still in 'very alpha' format since we are still importing content (check out '''[[To Do on Owasp .Net Project Pages]]''' if you want to help out)
+
==About==
 +
The OWASP .NET Project contains content related to securing .NET applications and services.
  
{|
 
| valign="top" |
 
 
== Latest ==
 
* Nov 2007: Uploaded test scripts from OWASP training in San Jose [https://www.owasp.org/images/7/7d/Fetch_Web_Page_%28from_OWASP_training_in_San_Jose%29.zip download here]
 
* Jun 2007: Created stub pages for Microsoft's [[SliverLight]], Abobe's [[AIR]], Microsoft's [[WSS]] and Apple's [[iPhone]]
 
* Jun 2007: [[DN_BOFinder]] Uploaded latest version to Sourceforge and updated WIKI page
 
* Feb 2007: Added info about the new tool: DotNet Buffer Overflow Finder [[DN_BOFinder]]
 
* 14th September: Added stub page [[Source Code Audit Tools]]
 
* 31st August: [[OWASP Autumn Of Code 2006 : Press Release | OWASP Autumn Of Code 2006]],  Today we are lauching a new project called "OWASP Autumn of Code 2006" which will sponsor individuals to work on existing OWASP Projects.
 
* 31st August: [http://video.google.com/videoplay?docid=941077664562737284 Dinis Cruz video interview], Dinis talks about .NET security, the future of OWASP, and the brand new [[Autumn of Code]] project.
 
* 14 August: Finished adding in the <nowiki> {{Template:Stub}} </nowiki> to the pages - Mike de Libero
 
* 29 July: New finding [[Full Trust CLR Verification issue: changing the return address order]]
 
* 28 July: Added new tool [[.Net Assembly Analyzer]]
 
* 27 July: New Layout for home page
 
* 25 July: Made tons of changes to lots of pages (from new content, to images, etc...)
 
* 20 July: [[Owasp Report Generator]] page with links for download
 
* Uploaded latest version of [[Owasp SiteGenerator]](including the source code) to SourceForge and updated the links in [[Owasp SiteGenerator]]
 
* 11 July: [[Microsoft Security Bulletin July 2006-Vulnerabilities in IIS and ASP.Net]]
 
* 11 July: We have started to upload the OWASP .Net Projects to [https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=105632 SourceForge dotNET section]. SiteGenerator is up there and more will follow.
 
  
Unless marked, the above entries were posted by [[User:Dinis.cruz|Dinis.cruz]]  
+
==.NET Project Overview==
 +
{| align="right" class="wikitable"
 +
|-
 +
! OWASP Project Quick Reference
 +
|-
 +
|
 +
*[[OWASP Top 10 Project]]<br />
 +
*[[OWASP Testing Guide]]<br />
 +
*[[.Net Assembly Analyzer]]<br />
 +
*[[OWASP WebGoat Project]]<br />
 +
*[[OWASP WebScarab Project]]
 +
*[http://code.google.com/p/owasp-net-content/  OWASP .NET Content Project]
 +
|-
 +
|}
 +
 
 +
'''Purpose'''
 +
 
 +
The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services.  The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.
 +
 
 +
Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software.  This section has a Quick Reference table for OWASP projects that you can use for your security projects now.  For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]].  There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below).  Contribute work or join our mailing list, many voices are better than one, so join today!
 +
 
 +
'''Goals'''
 +
 
 +
*To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.
 +
 
 +
*To organize content specific to OWASP projects that can be used or referenced for .NET security.
 +
 
 +
*To reach out and bring in content from the open source community to protect users of .NET web applications and services.
  
| valign="top" |
+
'''Content'''
  
[[Category:OWASP Project]]
+
The following sections include content that can be useful for a specific role in securing .NET web applications and services:
  
== Current Projects ==
+
; [[.NET Security for Architects| .NET Security for Architects]]
* [[Owasp SiteGenerator]] (sponsored by Foundstone)
+
; [[.NET Security for Developers| .NET Security for Developers]]
* [[Owasp Report Generator]]
+
; [[.NET Security for IT Professional| .NET Security for IT Professionals]]
* [[ANBS]] (Asp.Net Baseline Security) - includes the tools [[SAM'SHE]] (Security Analyzer for Microsoft's Shared Hosting Environments) and [[Online IIS Metabase Explorer]]
+
; [[.NET Penetration Testing| .NET Penetration Testing]]
* [[ASP.NET Reflector]]
+
; [[.NET Incident Response| .NET Incident Response]]
* [[ANSA]] (Asp.Net Security Analyzer) - first tool developed by Dinis Cruz that hilights the security problems of Full Trust Asp.Net code (contains Proof of Concept tests (i.e. exploits))
 
* [[DefApp]] - Partial port of ModSecurity to the .Net Platform
 
* [[Owasp FOSBBWAS (code name Beretta)]]
 
* [[.Net Assembly Analyzer]]
 
* [[OWASP_Tiger|OWASP Tiger]]
 
  
'''Related Foundstone Open source projects'''
+
For active projects:
* [[Hacme Bank]] (Foundstone tool)
+
; [[OWASP .NET Active Projects]]
* [[.NetMon]] (Foundstone tool)
 
* [[Validator.NET]] (Foundstone tool)
 
  
 +
For emerging technology projects:
 +
; [[OWASP .NET Vulnerability Research]]
  
'''Note:''' All releases are available on the [https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=105632 dotNET section] of the [https://sourceforge.net/projects/owasp/ SourceForge OWASP Project pages]
+
==Joining the Project==
 +
The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]
 +
* Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].
 +
* If you'd like to contribute:
 +
# visit the [[Tutorial]],
 +
# join the mailing list (see [[How to join Owasp.Net Mailing List]])
 +
# and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic
 +
# or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.
  
|-
+
Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.
| valign="top" |
 
  
== .Net Security ==
 
* [[.Net Full Trust]] (A discussion on the security implications of running .NET applications using the default Full Trust security model)
 
* [[.Net Type Safety]]
 
* [[.Net Framework Security Issues]]
 
* [[Rooting The CLR]]
 
  
| valign="top" |
 
  
== Other misc stuff ==
+
{| align="right" class="wikitable" width="100%"
* [[London Chapter WAF event]]
+
|-
* [[Security Podcasts]]
+
! OWASP .NET Project Latest
* [[CVS details for Editors]]
+
|-
* [[Wiki Edit Tips]]
+
|
* '''Code Samples'''
+
* April 29 2008: Added [[ASP.NET Request Validation]] wiki page
** [[.Net Code Sample - Reflecting assembly with missing dependency]]
+
* April 19 2008: Added [[OWASP .NET Vulnerability Research]] wiki page
** [[Files_Xml_WindowsMessages]] (with serialization stuff)
+
* April 9 2008: [http://www.microsoft.com/downloads/details.aspx?familyid=2412c443-27f6-4aac-9883-f55ba5b01814&displaylang=en&Hash=4fZb2FzZ7%2bmaj0VqoUbFZzzw0WW5%2bxWjK3XBVit5eX%2b%2bB90vmLtZlAstlNg9cRu6Pg%2b50DNCMhGT6ADei7DgFg%3d%3d Microsoft Security Development Lifecycle 3.2] published
* [[.Net Research Links]]
+
* March 2008:  Project ReOrg - the .NET Project section is being reorganized, see the [[OWASP .Net Project Roadmap]] for what we're doing here.
* [[.Net Security Tools]]
+
* Nov 2007: Uploaded test scripts from OWASP training in San Jose [https://www.owasp.org/images/7/7d/Fetch_Web_Page_%28from_OWASP_training_in_San_Jose%29.zip download here]
* [[Richard Crypto .Net Stuff]]
+
* Jun 2007: Created stub pages for Microsoft's [[SilverLight]], Abobe's [[AIR]], Microsoft's [[WSS]] and Apple's [[iPhone]]
* [[2006 Autumn Of Code]]
+
|-
* [[OWASP .Net Project Roadmap]]
 
* [[.NET Project ReOrg Alpha]]
 
 
|}
 
|}
 
== Mailing List ==
 
We have a mailing list at Sourceforge which we use to discuss relevant issue to .Net security (see [[How to join Owasp.Net Mailing List]])
 
  
 
[[Category:OWASP Project]]
 
[[Category:OWASP Project]]
 
[[Category:OWASP Tool]]
 
[[Category:OWASP Tool]]
[[Category:OWASP Download]]
 
  
 
__NOTOC__
 
__NOTOC__

Revision as of 11:50, 27 May 2008

About

The OWASP .NET Project contains content related to securing .NET applications and services.


.NET Project Overview

OWASP Project Quick Reference

Purpose

The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.

Please review the vulnerabilities section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the .NET category. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!

Goals

  • To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.
  • To organize content specific to OWASP projects that can be used or referenced for .NET security.
  • To reach out and bring in content from the open source community to protect users of .NET web applications and services.

Content

The following sections include content that can be useful for a specific role in securing .NET web applications and services:

.NET Security for Architects
.NET Security for Developers
.NET Security for IT Professionals
.NET Penetration Testing
.NET Incident Response

For active projects:

OWASP .NET Active Projects

For emerging technology projects:

OWASP .NET Vulnerability Research

Joining the Project

The project's high level roadmap can be found at the OWASP .Net Project Roadmap

  • Please submit your ideas for articles, content and general feedback to the .NET Project Wishlist.
  • If you'd like to contribute:
  1. visit the Tutorial,
  2. join the mailing list (see How to join Owasp.Net Mailing List)
  3. and pick a topic from the .NET Project Wishlist or suggest a new topic
  4. or check out our active projects list, OWASP .NET Active Projects, and join one today.

Remember to add the tag: [[Category:OWASP .NET Project]] to the end of new articles so that they're properly categorized.


OWASP .NET Project Latest

Pages in category "OWASP .NET Project"

The following 59 pages are in this category, out of 59 total.

Media in category "OWASP .NET Project"

The following 2 files are in this category, out of 2 total.