Difference between revisions of "OWASP .Net Project Roadmap"

From OWASP
Jump to: navigation, search
(Project Activity)
Line 1: Line 1:
== Goals ==
+
= Themes =
*To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.
+
The themes of the .NET Project include:
*To organize content specific to OWASP projects that can be used or referenced for .NET security.  
+
* Deep, rich guidance for .NET developers in using the security features of .NET
*To reach out and bring in content from the open source community to protect users of .NET web applications and services.
+
* Guidance for use of OWASP components that are designed for use with .NET
 +
* Information about working with and on OWASP tools built using .NET
  
We have the following short-term goals:
+
= Features =
# Reorganize the OWASP .NET Project based on role and quick access to information
+
# Promote the OWASP .NET Project to recruit volunteers as collaborators, editors and reviewers
+
# Promote the OWASP .NET Project to the general community
+
  
== Current Tasks ==
+
Features are parts of the project at a very high level.
# Change landing page to point to roles
+
# Create a page for each role and move appropriate existing links
+
# Identify existing resources to add to each role page
+
# Identify active OWASP projects that use .NET
+
  
== Ideas ==
+
== Guidance ==
Please feel free to send your ideas to the OWASP.Net mailing list (owasp-dotnet@lists.owasp.org)
+
  
== Project Activity ==
+
Guidance is documentation that assists .NET developers impleenting the security features of the framework. Current examples include:
[http://code.google.com/p/owasp-net-content/  OWASP .NET Content Project]
+
  
To keep track of tasks and deliverables for the project, the OWASP .NET Project has a [http://code.google.com/p/owasp-net-content/ Google code workspace].  Feel free to Join the project.
+
* The .NET Security Cheat Sheet
 +
* .NET Penetration Testing
  
Tasks include Articles, Wiki, Editing, Review and Archive, with the following definitions:
+
Current plans include:
  
*Articles - articles related to a .NET security topic.
+
* Rfc2898DeriveBytes for PBKDF2
 +
* WIF
 +
* AntiXssEncoder
 +
* DPAPI
 +
* Exception handling
 +
* Anti CSRF
 +
* Memory Management
 +
* ClickOnce Deployment
  
*Wiki - pages for tracking .NET security topics (includes links to articles, tools and references).
+
== Components ==
  
*Editing - this task identifies pages / articles that require editing. An edit can be requested if content is incorrect, inappropriate or if there is misspelling or poor grammar. The description should include the edit needed. File attachments with corrections can also be added to the task.
+
Components are pieces of software that assist .NET developers in building more secure code. Many updates are needed:
 +
 
 +
* ESAPI.NET
 +
* .NET CSRF Guard
 +
* AntiSamy .NET
 +
 
 +
== Projects that use .NET ==
 +
 
 +
These are projects that happen to be built in .NET and could use .NET development assistance
 +
 
 +
* O2
 +
* WebGOAT.NET
 +
 
 +
= Ideas =
 +
Please send your ideas to the OWASP.Net mailing list (owasp-dotnet@lists.owasp.org)
  
*Review - this is a task for documentation review.  Add this task for articles or pages that need to be reviewed.
 
  
*Archive - this task is to archive outdated content.
 
  
  
  
 
[[Category:OWASP .NET Project]]
 
[[Category:OWASP .NET Project]]

Revision as of 19:09, 29 March 2014

Themes

The themes of the .NET Project include:

  • Deep, rich guidance for .NET developers in using the security features of .NET
  • Guidance for use of OWASP components that are designed for use with .NET
  • Information about working with and on OWASP tools built using .NET

Features

Features are parts of the project at a very high level.

Guidance

Guidance is documentation that assists .NET developers impleenting the security features of the framework. Current examples include:

  • The .NET Security Cheat Sheet
  • .NET Penetration Testing

Current plans include:

  • Rfc2898DeriveBytes for PBKDF2
  • WIF
  • AntiXssEncoder
  • DPAPI
  • Exception handling
  • Anti CSRF
  • Memory Management
  • ClickOnce Deployment

Components

Components are pieces of software that assist .NET developers in building more secure code. Many updates are needed:

  • ESAPI.NET
  • .NET CSRF Guard
  • AntiSamy .NET

Projects that use .NET

These are projects that happen to be built in .NET and could use .NET development assistance

  • O2
  • WebGOAT.NET

Ideas

Please send your ideas to the OWASP.Net mailing list (owasp-dotnet@lists.owasp.org)