Difference between revisions of "OWASP .NET Recommended Resources"

From OWASP
Jump to: navigation, search
(General)
 
(11 intermediate revisions by 4 users not shown)
Line 10: Line 10:
 
==OWASP .NET Recommended Resources==
 
==OWASP .NET Recommended Resources==
  
 +
This is a canonical list of outside resources for .NET developers seeking security information.
  
===Areas of Concern===
+
===Blogs & People===
  
*Getting Started
+
[http://securitybuddha.com/ Mark Curphrey's Blog]
  
*Tutorials
+
[http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]
  
*Best Practices
+
[http://blogs.msdn.com/jmeier/archive/tags/Security/default.aspx J.D. Meier's Blog]
  
*OWASP Guidance and Tools
+
[http://www.leastprivilege.com Dominick Baier's Blog]
 +
 
 +
[http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog]
 +
 
 +
[http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]
 +
 
 +
[http://www.troyhunt.com/ Troy Hunt's Blog]
  
 
===Advisories, Articles & Projects===
 
===Advisories, Articles & Projects===
  
[http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]
+
[http://msdn.microsoft.com/en-us/library/ee658105.aspx Security and Operational Guidance for .NET Applications]
  
 
[http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]
 
[http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]
Line 33: Line 40:
 
[http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0]
 
[http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0]
  
[http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]
+
[http://msdn.microsoft.com/en-us/library/Ee817643(pandp.10).aspx Authentication in ASP.NET: .NET Security Guidance]
  
 
[http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]
 
[http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]
Line 41: Line 48:
 
[http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]
 
[http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]
  
[http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]
+
[http://wcfsecurityguide.codeplex.com/ Security Guidance for Windows Communication Foundation]
  
 
[http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]
 
[http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]
  
===Online References===
+
===Online References, Training===
  
 
[http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]
 
[http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]
 
[http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HomePage Patterns and Practices Security Wiki]
 
  
 
[http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]
 
[http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]
  
 
[http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]
 
[http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]
 +
 +
[http://pluralsight.com/training/Courses#security Pluralsight Security Course Catalog]
 +
 +
[http://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html OWASP Top 10 for .NET developers - Troy Hunt]
 +
 +
[http://www.teammentor.net/teamMentor TeamMentor]
  
 
===Books and Publications===
 
===Books and Publications===
Line 66: Line 77:
  
 
[http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom
 
[http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom
 +
 +
[http://securitydriven.net/ Security Driven .NET], Stan Drapkin
  
 
===Tools===
 
===Tools===
  
[http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]
+
[http://blogs.msdn.com/b/sdl/archive/2014/04/15/introducing-microsoft-threat-modeling-tool-2014.aspx Microsoft Threat Modeling Tool 2014]
 
+
[http://www.codeplex.com/guidanceExplorer Patterns and Practices Guidance Explorer]
+
 
+
[http://blogs.msdn.com/alikl/archive/2007/03/26/security-net-code-inspection-using-outlook-2007.aspx Security Code Review Checklist Generator]
+
  
 
[http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]
 
[http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]
Line 80: Line 89:
  
 
[http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]
 
[http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]
 
[http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Scrawlr]
 
  
 
[http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]
 
[http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]
 
===Blogs & People===
 
 
===== OWASP =====
 
; [https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]
 
 
==== General ====
 
[http://securitybuddha.com/ Mark Curphrey's Blog]
 
 
[http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]
 
 
[http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]
 
 
[http://www.leastprivilege.com Dominick Baier's Blog]
 
 
[http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog]
 
 
[http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]
 

Latest revision as of 11:00, 8 May 2014

OWASP .NET Quick Reference

OWASP .NET Recommended Resources

This is a canonical list of outside resources for .NET developers seeking security information.

Blogs & People

Mark Curphrey's Blog

Michael Howard's Blog

J.D. Meier's Blog

Dominick Baier's Blog

Shawn Farkas' Blog

Microsoft's ACE Team

Troy Hunt's Blog

Advisories, Articles & Projects

Security and Operational Guidance for .NET Applications

ASP.NET Security Architecture

patterns & practices Security Engineering Index

patterns & practices Security Guidance for Applications Index

patterns & practices Security Guidance for .NET Framework 2.0

Authentication in ASP.NET: .NET Security Guidance

Security Engineering

Solutions to SOA Security

Web Service Specifications

Security Guidance for Windows Communication Foundation

Microsoft Security Advisory (954462) (SQL Injection Advisory)

Online References, Training

Patterns and Practices

MSDN Security Developer Center

Microsoft Security Resources

Pluralsight Security Course Catalog

OWASP Top 10 for .NET developers - Troy Hunt

TeamMentor

Books and Publications

Writing Secure Code, Michael Howard and David LeBlanc

Microsoft Security Development Lifecycle 3.2

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication, J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy

Improving Web Application Security: Threats and Countermeasures, J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Developer Highway Code, Microsoft Corp, United Kingdom

Security Driven .NET, Stan Drapkin

Tools

Microsoft Threat Modeling Tool 2014

Anti-Cross Site Scripting

URLScan

Microsoft Source Code Analyzer

MS Source Code Analyser for SQL Injection