Difference between revisions of "OWASP .Net Project Roadmap"

From OWASP
Jump to: navigation, search
(Project Activity)
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Goals ==
+
= Overview =
*To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.
+
*To organize content specific to OWASP projects that can be used or referenced for .NET security.
+
*To reach out and bring in content from the open source community to protect users of .NET web applications and services.
+
  
We have the following short-term goals:
+
The .NET Framework has seen significant security improvement over the last ten years of development. With proper use the core security problems that are seen in web applications, or even Windows executibles, are difficult to exploit.  
# Reorganize the OWASP .NET Project based on role and quick access to information
+
# Promote the OWASP .NET Project to recruit volunteers as collaborators, editors and reviewers
+
# Promote the OWASP .NET Project to the general community
+
  
== Current Tasks ==
+
The key is 'proper use' and that is the goal of the .NET Project - assist with proper use. Education, components and tools that are appropriate for the latest .NET versions should be the focus for output of this project. As tools and information become out of date, they will be moved to a sunset mode, still available to those using older versions of the framework.
# Change landing page to point to roles
+
# Create a page for each role and move appropriate existing links
+
# Identify existing resources to add to each role page
+
# Identify active OWASP projects that use .NET
+
  
== Ideas ==
+
= Themes =
Please feel free to send your ideas to the OWASP.Net mailing list (owasp-dotnet@lists.owasp.org)
+
The themes of the .NET Project include:
 +
* Deep, rich guidance for .NET developers using the security features of .NET
 +
* Access to use of OWASP components that are designed for use with .NET
 +
* Information about working with and on OWASP tools built using .NET
  
== Project Activity ==
+
= Features =  
To keep track of tasks and deliverables for the project, the OWASP .NET Project has a [http://code.google.com/p/owasp-net-content/ Google code workspace].  Tasks include Articles, Wiki, Editing, Review and Archive, with the following definitions:
+
  
*Articles - articles related to a .NET security topic.
+
Features are parts of the project at a very high level. There are three themes, and they include guidance for developers, components that help to write more secure .NET projects, and tools for general security and testing written in .NET.
  
*Wiki - pages for tracking .NET security topics (includes links to articles, tools and references).
+
== Guidance ==
  
*Editing - this task identifies pages / articles that require editing. An edit can be requested if content is incorrect, inappropriate or if there is misspelling or poor grammar.  The description should include the edit needed.  File attachments with corrections can also be added to the task.
+
Guidance is documentation that assists .NET developers implementing the security features of the framework. Current examples include:
  
*Review - this is a task for documentation review. Add this task for articles or pages that need to be reviewed.
+
* The [[.NET Security Cheat Sheet]]
 +
* [[.NET Penetration Testing]]
  
*Archive - this task is to archive outdated content.
+
== Components ==
 +
 
 +
Components are pieces of software that assist .NET developers in building more secure code. A number of projects exist that are for older versions of .NET. While they are no longer valid for later versions, they are still acceptable for use. Many updates are needed to a number of other projects.
 +
 
 +
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Dot_NET ESAPI.NET]
 +
* [[.Net CSRF Guard]]
 +
* [https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project_.NET AntiSamy .NET]
 +
* [[.NET AntiXSS Library]]
 +
 
 +
== Projects that use .NET ==
 +
 
 +
These are projects that happen to be built in .NET. Many of them could use .NET development assistance:
 +
 
 +
* [[OWASP O2 Platform]]
 +
* [https://www.owasp.org/index.php/Category:OWASP_WebGoat.NET WebGOAT.NET]
 +
 
 +
= Ideas =
 +
Please send your ideas to the OWASP.Net mailing list (owasp-dotnet@lists.owasp.org)
  
  
[http://code.google.com/p/owasp-net-content/  OWASP .NET Content Project]
 
  
  
  
 
[[Category:OWASP .NET Project]]
 
[[Category:OWASP .NET Project]]

Revision as of 11:42, 14 April 2014

Overview

The .NET Framework has seen significant security improvement over the last ten years of development. With proper use the core security problems that are seen in web applications, or even Windows executibles, are difficult to exploit.

The key is 'proper use' and that is the goal of the .NET Project - assist with proper use. Education, components and tools that are appropriate for the latest .NET versions should be the focus for output of this project. As tools and information become out of date, they will be moved to a sunset mode, still available to those using older versions of the framework.

Themes

The themes of the .NET Project include:

  • Deep, rich guidance for .NET developers using the security features of .NET
  • Access to use of OWASP components that are designed for use with .NET
  • Information about working with and on OWASP tools built using .NET

Features

Features are parts of the project at a very high level. There are three themes, and they include guidance for developers, components that help to write more secure .NET projects, and tools for general security and testing written in .NET.

Guidance

Guidance is documentation that assists .NET developers implementing the security features of the framework. Current examples include:

Components

Components are pieces of software that assist .NET developers in building more secure code. A number of projects exist that are for older versions of .NET. While they are no longer valid for later versions, they are still acceptable for use. Many updates are needed to a number of other projects.

Projects that use .NET

These are projects that happen to be built in .NET. Many of them could use .NET development assistance:

Ideas

Please send your ideas to the OWASP.Net mailing list (owasp-dotnet@lists.owasp.org)