OWASP - User contributions [en]

https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Mroxberr OWASP - User contributions [en] 2026-04-17T17:26:54Z User contributions MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=ORG_(OWASP_Report_Generator)&diff=151840 ORG (OWASP Report Generator) 2013-05-18T06:32:45Z

<p>Mroxberr: </p> <hr /> <div>==== Main ====<br /> <br /> The ORG (OWASP Report Generator) is a tool for Security Consultants that supports the documentation and reporting of security vulnerabilities discovered during security audits.<br /> <br /> Currently [[:User:Mroxberr|'''Mark Roxberry''']] leads this project. Formerly the project leader was [[User:Dinis.cruz|Dinis Cruz]] with strong contributions from [[User:medelibero|Mike de Libero]]. Mike was sponsored under an OWASP Autumn of Code 2006 sponsorship to work on ORG.<br /> <br /> == Downloads ==<br /> <br /> The latest release of ORG's installer can be found at (updated on 1/15/2007) - Please note that the installer will not work on Windows x64 bit architecutre (you have to use the source code from the zip file below - .<br /> [http://sourceforge.net/project/downloading.php?group_id=64424&use_mirror=osdn&filename=ORG_v0.88.msi Report Generator Installer]<br /> <br /> The source code for latest stable version can be downloaded from here (updated on 11/1/2006): [http://prdownloads.sourceforge.net/owasp/ReportGenerator.zip Report Generator Source]<br /> <br /> This project is in active development and the latest version can be obtained from [http://owasp-code-central.googlecode.com/svn/trunk/labs/ReportGenerator Google SVN]<br /> <br /> '''Instructions for using the zip file'''<br /> <br /> 1) Unzip the files <br /> <br /> 2) Run regAuthenticPlugin.bat to register the AuthenticPlugin<br /> <br /> 3) Open the solution in VS.Net 2k5. You can use any version of VS but the primary version used for development is the express edition. <br /> <br /> 4) More than likely you need to modify the references area to use the local files for [IxInterop|AxInterop].XMLSPYPLUGIN. <br /> <br /> 5) For Windows 64bit, do the following: In the project properties, select "Build Events" then in Post-build event command line add the following lines:<br /> <br /> call "$(DevEnvDir)..\tools\vsvars32.bat"<br /> <br /> editbin.exe /NXCOMPAT:NO "$(TargetPath)"<br /> <br /> 6) Then try and compile and you should be good to go. If not contact Mike and we will work with you to get it all straightened out and so we can adjust this process.<br /> <br /> == ORG Development ==<br /> <br /> The current version under development is v0.86 and you can see the change log here: [[ORG (Owasp Report Generator) - Change Log]]<br /> <br /> The current Todo is here: [[ORG (Owasp Report Generator) - To Do]]<br /> <br /> == Getting setup for an assessment ==<br /> <br /> '''Step 1)''' Create a profile for you to use on your computer. You can do this on the first screen that will be encountered when running ORG. <br /> <br /> [[Image:Profile_ss.jpg]]<br /> <br /> Once the information has been inputted click on “Start Pen Test Reporter” and you are ready to start adding new projects.<br /> <br /> <br /> '''Step 2)''' The next step is to create a project. With the “Current and Archived Projects” window open make sure that the project metadata tab is selected. From there in the lower left hand corner you will see an area to type in a new project and then click “Add”. You will then see a window like the one below.<br /> <br /> [[Image:Project_setup_ss.jpg]]<br /> <br /> You can now type in the pertinent information about your project. After that you are ready to identify your targets and start attacking (i.e. the fun part!).<br /> <br /> <br /> '''Step 3)''' Next click on the targets tab, this will allow you to define the targets for your assessment. Below is a screen shot of an example of a target during an assessment. <br /> <br /> [[Image:Org_target_ss.jpg]]<br /> <br /> The above area gives you the logistics of the target things like name, IP(s), the type of target and common dns names. The bottom area allows you to put files related to the target. <br /> <br /> <br /> You can also import in targets from an NMap scan if you use the xml output file option. To do import targets click the “Import Targets” button and select the saved scan.<br /> <br /> <br /> '''Step 4)''' After defining the attack targets you can specify the individual tasks you wish to perform on the targets. A screen like the one below should be shown. <br /> <br /> [[Image:Org_target_tasks_ss.jpg]]<br /> <br /> Using this screen you can manage the tasks that need to be done for an assessment, things like information gathering, auditing of source code and other tasks that are normally done during a security audit. You can specify the state of each task with the drop down in the status column. <br /> <br /> <br /> We now have all the background information but we need a way to let our customers know what we have found that is where the findings tab comes into play.<br /> <br /> == Recording assessment findings ==<br /> During an assessment you can record all your findings using the findings tab in the projects form. All findings must be associated to a target. An example findings window is below. These findings will later be added to reports that you will give to your customers. <br /> <br /> [[Image:Org_findings_ss.jpg]]<br /> <br /> You can add screenshots to the additional details area of the findings screen as well. To create findings use the “Add Finding” area. This will give you a blank slate and initially use the simple mode. <br /> <br /> <br /> You can change the template for the editor by using the drop down labeled “Editor Template To Use”. There are two other options besides simple mode they are: Authentic – All Fields Mode and Windows Explorer. The all fields mode allows you to specify more detailed information. While, the windows explorer mode allows you to add other artifacts related to this finding, like code excerpts, PoC code, etc…<br /> <br /> <br /> After we are done finding all the holes in our targets we need to report them to our customers. <br /> <br /> == Reporting Our Findings ==<br /> '''Step 1)''' Click on the “Report Contents” tab and fill out the information there. This will be later used for the executive summary and other reports that need to be ran. Below is an example screen of the report contents filled out. <br /> <br /> [[Image:Org_report_contents_tab_ss.jpg]]<br /> <br /> Click on ”Save Report Contents” and we are ready for the next step generating a report.<br /> <br /> <br /> '''Step 2)''' The first thing to do is click on the “Report Pdf” tab. Select the xslt you wish to use for the report then select “FOP” for what you want to create the report with. Then click on “Create report files using”. After clicking on the button a small PDF reader will show up on the form. You can then save the report to wherever you wish. An example screen shot is below.<br /> <br /> [[Image:Org_pdf_report_ss.jpg]]<br /> <br /> The other way to create reports is by click on the reports button at the very top. You will see a screen like the one below.<br /> <br /> [[Image:Org_reports_ss.jpg]]<br /> <br /> == Adding new entries into drop downs ==<br /> A user has the ability to modify the values in the drop downs in the targets, findings, project details and target tasks by modifying the any sps files under <Application_Path>/VulnReport_Files/sps/. <br /> <br /> == ORG Active Developers ==<br /> <br /> * [[ORG (Owasp Report Generator) - Mike de Libero]]<br /> * [[ORG (Owasp Report Generator) - Dinis Cruz]]<br /> <br /> Other related [[https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=105632 OWASP .Net Project Downloads]]<br /> <br /> == Building the Installer ==<br /> ORG is built using the WiX installer [http://wix.sourceforge.net/]. The assumption is that the folder housing the WiX libraries is in your search path. <br /> <br /> * Setup a directory like the below screen shot<br /> ** '''Note''' the following files can be found in the Google SVN: BuildInstaller.bat, FOP.zip.txt, regAuthenticPlugin.bat, ORG_v0.88.wxs, ORG_CONFIG_FILEs.zip.txt, AuthenticPlugin.zip.txt, AxInterop.PdfLib.dll, AxInterop.SHDocVw.dll, AxInterop.XMLSPYPLUGINLib.dll, ICSharpCode.TextEditor.dll, ICSharpCode.TextEditor.dll, Interop.SHDocVw.dll, Interop.XMLSPYPLUGINLib.dll, SharpZipLib.dll<br /> [[Image:Org_installer_files_ss.gif]]<br /> * Run the batch script BuildInstaller.bat<br /> <br /> When a new version of the installer needs to be built the ID for the product element needs to be replaced along with the version information. <br /> <br /> <br /> <br /> ==== Project Identification ====<br /> <br /> [[Category:OWASP Project|Report Generator)]]<br /> [[Category:OWASP .NET Project]]<br /> [[Category:OWASP Tool]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Alpha Quality Tool]]<br /> <br /> {{Template:OWASP Project Identification Tab<br /> | project_name = OWASP Report Generator Project<br /> | project_description = The ORG (OWASP Report Generator) is a multi-purpose reporting tool designed to be extensible for various reporting needs. By using what is known as a provider model, report providers can be plugged in to ORG. OWASP Report Providers will include Penetration Testing and SDL. The Penetration Testing Report Provider supports the documentation and reporting of security vulnerabilities discovered during security audits. The SDL Report Provider supports the documentation and reporting requirements of the Secure Development Lifecycle. Beyond OWASP Report Providers, the community can leverage the ORG for their own reporting needs. <br /> | project_license = [http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License]<br /> | leader_name = Mark Roxberry<br /> | leader_email = <br /> | leader_username = Mroxberr<br /> | maintainer_name = Mark Roxberry<br /> | maintainer_email = <br /> | maintainer_username = Mroxberr<br /> | contributor_name1 =<br /> | contributor_email1 = <br /> | contributor_username1 =<br /> | contributor_name2 = <br /> | contributor_email2 = <br /> | contributor_username2 = <br /> | contributor_name3 = <br /> | contributor_email3 = <br /> | contributor_username3 = <br /> | contributor_name4 = <br /> | contributor_email4 = <br /> | contributor_username4 = <br /> | contributor_name5 = <br /> | contributor_email5 = <br /> | contributor_username5 = <br /> | contributor_name6 = <br /> | contributor_email6 = <br /> | contributor_username6 = <br /> | contributor_name7 = <br /> | contributor_email7 = <br /> | contributor_username7 = <br /> | contributor_name8 = <br /> | contributor_email8 = <br /> | contributor_username8 = <br /> | contributor_name9 = <br /> | contributor_email9 = <br /> | contributor_username9 = <br /> | contributor_name10 = <br /> | contributor_email10 = <br /> | contributor_username10 = <br /> | pamphlet_link = <br /> | presentation_link = <br /> | mailing_list_name = owasp-org<br /> | links_url1 = http://code.google.com/p/org2/<br /> | links_name1 = Code<br /> | links_url2 = http://owasprox.blogspot.com/search/label/org2<br /> | links_name2 = Blog<br /> | links_url3 = <br /> | links_name3 = <br /> | links_url4 = <br /> | links_name4 = <br /> | links_url5 = <br /> | links_name5 = <br /> | links_url6 = <br /> | links_name6 = <br /> | links_url7 = <br /> | links_name7 = <br /> | links_url8 = <br /> | links_name8 = <br /> | links_url9 = <br /> | links_name9 = <br /> | links_url10 = <br /> | links_name10 = <br /> | project_road_map = http://code.google.com/p/org2/wiki/RoadMap<br /> | project_health_status = <br /> | current_release_name = ORG v.088 <br /> | current_release_date = August 2009<br /> | current_release_download_link = http://sourceforge.net/project/downloading.php?group_id=64424&use_mirror=osdn&filename=ORG_v0.88.msi<br /> | current_release_details = :Category:OWASP_Report_Generator_Project_-_ORG_v.088_Release<br /> | current_release_rating = - 1<br /> | current_release_leader_name = Dinis Cruz<br /> | current_release_leader_email = <br /> | current_release_leader_username = Dinis.cruz<br /> | last_reviewed_release_name = <br /> | last_reviewed_release_date = <br /> | last_reviewed_release_download_link = <br /> | last_reviewed_release_rating = <br /> | last_reviewed_release_leader_name = <br /> | last_reviewed_release_leader_email = <br /> | last_reviewed_release_leader_username = <br /> | old_release_name1 = <br /> | old_release_date1 = <br /> | old_release_download_link1 = <br /> | old_release_name2 = <br /> | old_release_date2 = <br /> | old_release_download_link2 = <br /> | old_release_name3 = <br /> | old_release_date3 = <br /> | old_release_download_link3 = <br /> | old_release_name4 = <br /> | old_release_date4 = <br /> | old_release_download_link4 = <br /> | old_release_name5 = <br /> | old_release_date5 = <br /> | old_release_download_link5 = <br /> }} <br /> __NOTOC__ <headertabs /></div>

Mroxberr https://wiki.owasp.org/index.php?title=HTML5_Security_Cheat_Sheet&diff=145273 HTML5 Security Cheat Sheet 2013-02-20T22:29:47Z

<p>Mroxberr: vanity change</p> <hr /> <div>= Introduction =<br /> <br /> The following cheat sheet serves as a guide for implementing HTML 5 in a secure fashion. <br /> <br /> = General Guidelines =<br /> <br /> == Communication APIs ==<br /> <br /> === Web Messaging ===<br /> <br /> Web Messaging, also known as Cross Domain Messaging provides a means of messaging between documents from different origins in a way which is generally safer than the multiple hacks used in the past to accomplish this task, however, there are still some recommendations to keep in mind: <br /> <br /> *When posting a message, explicitly state the expected origin as the second argument to <tt>postMessage</tt> rather than <tt>*</tt> in order to prevent sending the message to an unknown origin after a redirect or some other means of the target window's origin changing. <br /> *The receiving page should '''always''': <br /> **Check the <tt>origin</tt> attribute of the sender to verify the data is originating from the expected location, and <br /> **Perform input validation on the <tt>data</tt> attribute of the event to ensure it's in the desired format.<br /> *Don't assume you have control over data attribute. Single [[Cross-site_Scripting_(XSS)|Cross Site Scripting]] flaw in sending page allows attacker to send messages of any given format.<br /> *Both pages should only interpret the exchanged messages as '''data'''. Never evaluate passed messages as code (e.g. via eval() )&nbsp;or insert it to a page DOM (e.g. via&nbsp;innerHTML) as that would create a DOM based XSS vulnerability. For more information see [[DOM based XSS Prevention Cheat Sheet|DOM based XSS Prevention Cheat Sheet]].<br /> *To assign the data value to an element, instead of using a insecure method like <tt>element.innerHTML = data;</tt> use the safer option <tt>element.textContent = data;</tt><br /> *Check the origin properly exactly to match the FQDN(s) you expect. Note that the following code: <tt> if(message.orgin.indexOf(".owasp.org")!=-1) { /* ... */ }</tt> is very insecure and will not have the desired behavior as www.owasp.org.attacker.com will match.<br /> *If you need to embed external content/untrusted gadgets and allow user-controlled scripts which is highly discouraged, consider use a JavaScript rewriting framework such as [http://code.google.com/p/google-caja/ Google Caja] or check the information on [[#Sandboxed frames|sandboxed frames]]<br /> <br /> === Cross Origin Resource Sharing ===<br /> <br /> *Validate URLs passed to <tt>XMLHttpRequest.open</tt>, current browsers allow these URLs to be cross domain and this behavior can lead to code injection by a remote attacker. Pay extra attention to absolute URLs.<br /> *Ensure that URLs responding with <tt>Access-Control-Allow-Origin: *</tt> do not include any sensitive content or information that might aid attacker in further attacks. Use <tt>Access-Control-Allow-Origin</tt> header only on chosen URLs that need to be accessed cross-domain. Don't use the header for the whole domain. <br /> *Take special care when using <tt>Access-Control-Allow-Credentials: true</tt> response header. Whitelist the allowed Origins and never echo back the <tt>Origin</tt> request header in <tt>Access-Control-Allow-Origin</tt>. <br /> *Allow only selected, trusted domains in <tt>Access-Control-Allow-Origin</tt> header. Prefer whitelisting domains over blacklisting or allowing any domain (either through <tt>*</tt> wildcard or echoing the <tt>Origin</tt> header content). <br /> *Keep in mind that CORS does not prevent the requested data from going to an un-authenticated location - it's still important for the server to perform usual [[Cross-Site Request Forgery (CSRF)|CSRF]] prevention. <br /> *While the RFC recommends a pre-flight request with the <tt>OPTIONS</tt> verb, current implementations might not perform this request, so it's important that "ordinary" (<tt>GET</tt> and <tt>POST</tt>) requests perform any access control necessary.<br /> *For performance reasons pre-flight requests may be cached in client-side for certain amount of time (controlled by Access-Control-Max-Age header). The security model of CORS can be bypassed in case of header injection vulnerabilities in combination with pre-flight caching so add measures to prevent [[HTTP_Response_Splitting]] vulnerabilities in server side.<br /> *Discard requests received over plain HTTP with HTTPS origins to prevent mixed content bugs.<br /> *Don't rely only on the Origin header for Access Control checks. Browser always sends this header in CORS requests, but may be spoofed outside the browser. Application-level protocols should be used to protect sensitive data.<br /> <br /> === WebSockets ===<br /> <br /> *Drop backward compatibility in implemented client/servers and use only protocol versions above hybi-00. Popular Hixie-76 version (hiby-00) and olders are outdated and insecure. <br /> *Recommended version supported in latest versions of all current browsers is [http://tools.ietf.org/html/rfc6455 RFC 6455] (Supported by Firefox 11+, Chrome 16+, Safari 6, Opera 12.50 and IE10).<br /> *While it is relatively easy to tunnel TCP services through WebSockets (e.g. VNC, FTP), doing so enables access to these tunneled services for the in-browser attacker in case of a Cross-Site-Scripting attack. These services might also be called directly from a malicious page or program. <br /> *The protocol doesn't handle authorization and/or authentication. Application-level protocols should handle that separately in case sensitive data is being transferred.<br /> *Process the messages received by the websocket as data. Don't try to assign it directly to the DOM nor evaluate as code. If the response is JSON never use the insecure eval() function, use the safe option JSON.parse() instead.<br /> *Endpoints exposed through <tt>ws://</tt> protocol are easily reversible to plaintext. Only <tt>wss://</tt> (WebSockets over SSL/TLS) should be used for protection against Man-In-The-Middle attacks <br /> *Spoofing the client is possible outside browser, so WebSockets server should be able to handle incorrect/malicious input. Always validate input coming from the remote site, as it might have been altered. <br /> *When implementing servers, check the <tt>Origin:</tt> header in Websockets handshake. Though it might be spoofed outside browser, browsers always add the Origin of the page which initiated Websockets connection. <br /> *As WebSockets client in browser is accessible through Javascript calls, all Websockets communication can be spoofed or hijacked through [[Cross Site Scripting Flaw|Cross-Site-Scripting]]. Always validate data coming through WebSockets connection.<br /> <br /> === Server-Sent Events ===<br /> <br /> *Validate URLs passed to the <tt>EventSource</tt> constructor, even though only same-origin URLs are allowed.<br /> *As mentioned before, process the messages (<tt>event.data</tt>) as data and never evaluate the content as HTML or script code.<br /> *Check always the origin attribute of the message (<tt>event.origin</tt>) to ensure the message is coming from a trusted domain, use a whitelist approach.<br /> <br /> == Storage APIs ==<br /> <br /> === Local Storage ===<br /> <br /> *Also known as Offline Storage, Web Storage. Underlying storage mechanism may vary from one user agent to the next. In other words, any authentication your application requires can be bypassed by a user with local privileges to the machine on which the data is stored. Therefore, it's recommended not to store any sensitive information in local storage.<br /> *Use the object sessionStorage instead of localStorage if persistent storage is not needed. sessionStorage object is available only to that window/tab until the window is closed.<br /> *A single [[Cross-site_Scripting_(XSS)|Cross Site Scripting]] can be used to steal all the data in these objects, so again it's recommended not to store sensitive information in local storage.<br /> *A single [[Cross-site_Scripting_(XSS)|Cross Site Scripting]] can be used to load malicious data into these objects too, so don't consider objects in these to be trusted.<br /> *Pay extra attention to “localStorage.getItem” and “setItem” calls implemented in HTML5 page. It helps in detecting when developers build solutions that put sensitive information in local storage, which is a bad practice.<br /> *Do not store session identifiers in local storage as the data is always accesible by JavaScript. Cookies can mitigate this risk using the <tt>httpOnly</tt> flag.<br /> *There is no way to restrict the visibility of an object to a specific path like with the attribute path of HTTP Cookies, every object is shared within an origin and protected with the Same Origin Policy. Avoid host multiple applications on the same origin, all of them would share the same localStorage object, use different subdomains instead.<br /> <br /> === Client-side databases ===<br /> <br /> *On November 2010 the W3C announced Web SQL Database (relational SQL database) as a deprecated specification. A new standard Indexed Database API or IndexedDB (formerly WebSimpleDB) is actively developed which provides key/value database storage and methods for performing advanced queries.<br /> *Underlying storage mechanism may vary from one user agent to the next. In other words, any authentication your application requires can be bypassed by a user with local privileges to the machine on which the data is stored. Therefore, it's recommended not to store any sensitive information in local storage. <br /> *If utilized, WebDatabase content on client side can be vulnerable to SQLInjection and needs to have proper validation and parametrization.<br /> *Like Local Storage, a single [[Cross-site_Scripting_(XSS)|Cross Site Scripting]] can be used to load malicious data into a web database too, so don't consider data in these to be trusted either.<br /> <br /> == Geolocation ==<br /> <br /> *The Geolocation RFC recommends that the user agent ask the user's permission before calculating location, but whether or how this decision is remembered varies from browser to browser. Some user agents require the user to visit the page again in order to turn off the ability to get the user's location without asking, so for privacy reasons, it's recommended to require user input before calling <tt>getCurrentPosition</tt> or <tt>watchPosition</tt>.<br /> <br /> == Web Workers ==<br /> <br /> *Web Workers are allowed to use <tt>XMLHttpRequest</tt> object to perform in-domain and Cross Origin Resource Sharing requests. See relevant section of this Cheat Sheet to ensure CORS security. <br /> *While Web Workers don't have access to DOM of the calling page, malicious Web Workers can use excessive CPU for computation, leading to Denial of Service condition or abuse Cross Origin Resource Sharing for further exploitation. Ensure code in all Web Workers scripts is not malevolent. Don't allow creating Web Worker scripts from user supplied input. <br /> *Validate messages exchanged with a Web Worker. Do not try to exchange snippets of Javascript for evaluation e.g. via eval() as that could introduce a&nbsp;[[DOM Based XSS|DOM Based XSS]]&nbsp;vulnerability.<br /> <br /> == Sandboxed frames ==<br /> <br /> *Use the <tt>sandbox</tt> attribute of an <tt>iframe</tt> for untrusted content<br /> <br /> *The <tt>sandbox</tt> attribute of an <tt>iframe</tt> enables restrictions on content within a <tt>iframe</tt>. The following restrictions are active when the <tt>sandbox</tt> attribute is set:<br /> <br /> #All markup is treated as being from a unique origin <br /> #All forms and scripts are disabled <br /> #All links are prevented from targeting other browsing contexts <br /> #All features that triggers automatically are blocked <br /> #All plugins are disabled<br /> <br /> It is possible to have a [http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox fine-grained control] over <tt>iframe</tt> capabilities using the value of the <tt>sandbox</tt> attribute.<br /> <br /> *In old versions of user agents where this feature is not supported this attributed will be ignored. Use this feature as an additional layer of protection or check if the browser supports sandboxed frames and only show the untrusted content if supported.<br /> *Apart from this attribute, to prevent Clickjacking attacks and unsolicited framing it is encouraged to use the header <tt>X-Frame-Options</tt> which supports the <tt>deny</tt> and <tt>same-origin</tt> values. Other solutions like framebusting <tt>if(window!== window.top) { window.top.location = location; }</tt> are not recommended.<br /> <br /> == Offline Applications ==<br /> <br /> *Wether the user agent requests permission to the user to store data for offline browsing and when this cache is deleted vary from one browser to the next. Cache poisoning is an issue if a user connects through insecure networks, so for privacy reasons it is encouraged to require user input before sending any <tt>manifest</tt> file.<br /> *Users should only cache trusted websites and clean the cache after browsing through open or insecure networks.<br /> <br /> == Progressive Enhancements and Graceful Degradation Risks ==<br /> <br /> *The best practice now is to determine the capabilities that a browser supports and augment with some type of substitute for capabilities that are not directly supported. This may mean an onion-like element, e.g. falling through to a Flash Player if the &lt;video&gt; tag is unsupported, or it may mean additional scripting code from various sources that should be code reviewed.<br /> <br /> == HTTP Headers to enhance security ==<br /> <br /> === X-Frame-Options ===<br /> <br /> *This header can be used to prevent ClickJacking in modern browsers (IE6/IE7 don't support this header)<br /> *Use the <tt>same-origin</tt> attribute to allow being framed from urls of the same origin or <tt>deny</tt> to block all. Example: <tt>X-Frame-Options: DENY</tt><br /> <br /> === X-XSS-Protection ===<br /> <br /> *Enable XSS filter (only works for Reflected XSS)<br /> *Example: <tt>X-XSS-Protection: 1; mode=block</tt><br /> <br /> === Strict Transport Security ===<br /> <br /> *Force every browser request to be sent over TLS/SSL (this can prevent SSL strip attacks)<br /> *Use includeSubDomains<br /> *Example: Strict-Transport-Security: max-age=8640000; includeSubDomains<br /> <br /> === Content Security Policy ===<br /> <br /> *Policy to define a set of content restrictions for web resources which aims to mitigate web application vulnerabilities such as Cross Site Scripting<br /> *Example: X-Content-Security-Policy: allow 'self'; img-src *; object-src media.example.com; script-src js.example.com<br /> <br /> === Origin ===<br /> <br /> *Sent by CORS/WebSockets requests<br /> *There is a proposal to use this header to mitigate CSRF attacks, but is not yet implemented by vendors for this purpose.<br /> <br /> <br /> = Authors and Primary Editors =<br /> <br /> Mark Roxberry - mark.roxberry [at] owasp.org<br/><br /> Krzysztof Kotowicz - krzysztof [at] kotowicz.net <br/><br /> Will Stranathan - will [at] cltnc.us <br/><br /> Shreeraj Shah - shreeraj.shah [at] blueinfy.net <br/><br /> Juan Galiana Lara - jgaliana [at] owasp.org<br /> <br /> = Other Cheatsheets =<br /> {{Cheatsheet_Navigation}}<br /> <br /> [[Category:Cheatsheets]]</div>

Mroxberr https://wiki.owasp.org/index.php?title=HTML_5_Cheat_Sheet&diff=115763 HTML 5 Cheat Sheet 2011-08-16T01:19:08Z

<p>Mroxberr: Initial outline</p> <hr /> <div>= Introduction =<br /> = HTML 5 =<br /> <br /> == Browser Securability Chart ==<br /> There are a few sites charting browser capabilities as they related to the HTML 5 / CSS 3 standard. I have not seen any that mention security. There may not be a need for it, but <br /> e.g. 'sandbox' will be ignored in down browsers, but which HTML 5 compliant browsers support it. If there are differences in implementations, my assumption is that there will be differences in security configuration / settings.<br /> <br /> == Cross Origin Request ==<br /> <br /> == Input Validation ==<br /> <br /> == Local Storage (a.k.a. Offline Storage, Web Storage) ==<br /> <br /> == WebDatabase ==<br /> <br /> == WebSockets ==<br /> <br /> == Geolocation ==<br /> <br /> == Use the "sandbox" attribute for untrusted content (iFrame) ==<br /> [[http://blog.whatwg.org/whats-next-in-html-episode-2-sandbox]]<br /> <br /> == Content Deliverability ==<br /> CDN or src links to foreign domains = know your content<br /> <br /> == Progressive Enhancements and Graceful Degradation Risks ==<br /> The best practice now is to determine the capabilities that a browser supports and augment with some type of substitute for capabilities that are not directly supported. This may mean an onion-like element, e.g. falling through to a Flash Player if the <video> tag is unsupported, or it may mean additional scripting code from various sources that should be code reviewed.<br /> <br /> = CSS 3 =<br /> I haven't seen any specific to CSS 3 and it's been a while since I worried about url / !import. I think privacy leaks are the most well know - e.g. querying global history using :visited (https://bugzilla.mozilla.org/show_bug.cgi?id=147777)<br /> <br /> = Javascript and Javascript Frameworks =<br /> Do we have cheatsheets for Javascript (e.g. use closures, protect the global namespace) or any of the frameworks like JQuery, script.aculo.us, Prototype, Mootools<br /> <br /> = Related Cheat Sheets =<br /> {{Cheatsheet_Navigation}}<br /> <br /> = Authors and Primary Editors =<br /> <br /> [[Category:How To]]<br /> [[Category:Cheatsheets]]</div>

Mroxberr https://wiki.owasp.org/index.php?title=ORG_(OWASP_Report_Generator)&diff=71238 ORG (OWASP Report Generator) 2009-10-09T13:33:18Z

<p>Mroxberr: </p> <hr /> <div>==== Main ====<br /> <br /> The ORG (OWASP Report Generator) is a tool for Security Consultants that supports the documentation and reporting of security vulnerabilities discovered during security audits.<br /> <br /> Currently [[:User:Mroxberr|'''Mark Roxberry''']] leads this project. Formerly the project leader was [[User:Dinis.cruz|Dinis Cruz]] with strong contributions from [[User:medelibero|Mike de Libero]]. Mike was sponsored under an OWASP Autumn of Code 2006 sponsorship to work on ORG.<br /> <br /> == Downloads ==<br /> <br /> The latest release of ORG's installer can be found at (updated on 1/15/2007)<br /> [http://sourceforge.net/project/downloading.php?group_id=64424&use_mirror=osdn&filename=ORG_v0.88.msi Report Generator Installer]<br /> <br /> The source code for latest stable version can be downloaded from here (updated on 11/1/2006): [http://prdownloads.sourceforge.net/owasp/ReportGenerator.zip Report Generator Source]<br /> <br /> This project is in active development and the latest version can be obtained from [http://owasp-code-central.googlecode.com/svn/trunk/labs/ReportGenerator Google SVN]<br /> <br /> '''Instructions for using the zip file'''<br /> <br /> 1) Unzip the files <br /> <br /> 2) Run regAuthenticPlugin.bat to register the AuthenticPlugin<br /> <br /> 3) Open the solution in VS.Net 2k5. You can use any version of VS but the primary version used for development is the express edition. <br /> <br /> 4) More than likely you need to modify the references area to use the local files for [IxInterop|AxInterop].XMLSPYPLUGIN. <br /> <br /> 5) Then try and compile and you should be good to go. If not contact Mike and we will work with you to get it all straightened out and so we can adjust this process.<br /> <br /> == ORG Development ==<br /> <br /> The current version under development is v0.86 and you can see the change log here: [[ORG (Owasp Report Generator) - Change Log]]<br /> <br /> The current Todo is here: [[ORG (Owasp Report Generator) - To Do]]<br /> <br /> == Getting setup for an assessment ==<br /> <br /> '''Step 1)''' Create a profile for you to use on your computer. You can do this on the first screen that will be encountered when running ORG. <br /> <br /> [[Image:Profile_ss.jpg]]<br /> <br /> Once the information has been inputted click on “Start Pen Test Reporter” and you are ready to start adding new projects.<br /> <br /> <br /> '''Step 2)''' The next step is to create a project. With the “Current and Archived Projects” window open make sure that the project metadata tab is selected. From there in the lower left hand corner you will see an area to type in a new project and then click “Add”. You will then see a window like the one below.<br /> <br /> [[Image:Project_setup_ss.jpg]]<br /> <br /> You can now type in the pertinent information about your project. After that you are ready to identify your targets and start attacking (i.e. the fun part!).<br /> <br /> <br /> '''Step 3)''' Next click on the targets tab, this will allow you to define the targets for your assessment. Below is a screen shot of an example of a target during an assessment. <br /> <br /> [[Image:Org_target_ss.jpg]]<br /> <br /> The above area gives you the logistics of the target things like name, IP(s), the type of target and common dns names. The bottom area allows you to put files related to the target. <br /> <br /> <br /> You can also import in targets from an NMap scan if you use the xml output file option. To do import targets click the “Import Targets” button and select the saved scan.<br /> <br /> <br /> '''Step 4)''' After defining the attack targets you can specify the individual tasks you wish to perform on the targets. A screen like the one below should be shown. <br /> <br /> [[Image:Org_target_tasks_ss.jpg]]<br /> <br /> Using this screen you can manage the tasks that need to be done for an assessment, things like information gathering, auditing of source code and other tasks that are normally done during a security audit. You can specify the state of each task with the drop down in the status column. <br /> <br /> <br /> We now have all the background information but we need a way to let our customers know what we have found that is where the findings tab comes into play.<br /> <br /> == Recording assessment findings ==<br /> During an assessment you can record all your findings using the findings tab in the projects form. All findings must be associated to a target. An example findings window is below. These findings will later be added to reports that you will give to your customers. <br /> <br /> [[Image:Org_findings_ss.jpg]]<br /> <br /> You can add screenshots to the additional details area of the findings screen as well. To create findings use the “Add Finding” area. This will give you a blank slate and initially use the simple mode. <br /> <br /> <br /> You can change the template for the editor by using the drop down labeled “Editor Template To Use”. There are two other options besides simple mode they are: Authentic – All Fields Mode and Windows Explorer. The all fields mode allows you to specify more detailed information. While, the windows explorer mode allows you to add other artifacts related to this finding, like code excerpts, PoC code, etc…<br /> <br /> <br /> After we are done finding all the holes in our targets we need to report them to our customers. <br /> <br /> == Reporting Our Findings ==<br /> '''Step 1)''' Click on the “Report Contents” tab and fill out the information there. This will be later used for the executive summary and other reports that need to be ran. Below is an example screen of the report contents filled out. <br /> <br /> [[Image:Org_report_contents_tab_ss.jpg]]<br /> <br /> Click on ”Save Report Contents” and we are ready for the next step generating a report.<br /> <br /> <br /> '''Step 2)''' The first thing to do is click on the “Report Pdf” tab. Select the xslt you wish to use for the report then select “FOP” for what you want to create the report with. Then click on “Create report files using”. After clicking on the button a small PDF reader will show up on the form. You can then save the report to wherever you wish. An example screen shot is below.<br /> <br /> [[Image:Org_pdf_report_ss.jpg]]<br /> <br /> The other way to create reports is by click on the reports button at the very top. You will see a screen like the one below.<br /> <br /> [[Image:Org_reports_ss.jpg]]<br /> <br /> == Adding new entries into drop downs ==<br /> A user has the ability to modify the values in the drop downs in the targets, findings, project details and target tasks by modifying the any sps files under <Application_Path>/VulnReport_Files/sps/. <br /> <br /> == ORG Active Developers ==<br /> <br /> * [[ORG (Owasp Report Generator) - Mike de Libero]]<br /> * [[ORG (Owasp Report Generator) - Dinis Cruz]]<br /> <br /> Other related [[https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=105632 OWASP .Net Project Downloads]]<br /> <br /> == Building the Installer ==<br /> ORG is built using the WiX installer [http://wix.sourceforge.net/]. The assumption is that the folder housing the WiX libraries is in your search path. <br /> <br /> * Setup a directory like the below screen shot<br /> ** '''Note''' the following files can be found in the Google SVN: BuildInstaller.bat, FOP.zip.txt, regAuthenticPlugin.bat, ORG_v0.88.wxs, ORG_CONFIG_FILEs.zip.txt, AuthenticPlugin.zip.txt, AxInterop.PdfLib.dll, AxInterop.SHDocVw.dll, AxInterop.XMLSPYPLUGINLib.dll, ICSharpCode.TextEditor.dll, ICSharpCode.TextEditor.dll, Interop.SHDocVw.dll, Interop.XMLSPYPLUGINLib.dll, SharpZipLib.dll<br /> [[Image:Org_installer_files_ss.gif]]<br /> * Run the batch script BuildInstaller.bat<br /> <br /> When a new version of the installer needs to be built the ID for the product element needs to be replaced along with the version information. <br /> <br /> <br /> <br /> ==== Project Identification ====<br /> <br /> [[Category:OWASP Project|Report Generator)]]<br /> [[Category:OWASP .NET Project]]<br /> [[Category:OWASP Tool]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Alpha Quality Tool]]<br /> <br /> {{Template:OWASP Project Identification Tab<br /> | project_name = OWASP Report Generator Project<br /> | project_description = The ORG (OWASP Report Generator) is a multi-purpose reporting tool designed to be extensible for various reporting needs. By using what is known as a provider model, report providers can be plugged in to ORG. OWASP Report Providers will include Penetration Testing and SDL. The Penetration Testing Report Provider supports the documentation and reporting of security vulnerabilities discovered during security audits. The SDL Report Provider supports the documentation and reporting requirements of the Secure Development Lifecycle. Beyond OWASP Report Providers, the community can leverage the ORG for their own reporting needs. <br /> | project_license = [http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License]<br /> | leader_name = Mark Roxberry<br /> | leader_email = <br /> | leader_username = Mroxberr<br /> | maintainer_name = Mark Roxberry<br /> | maintainer_email = <br /> | maintainer_username = Mroxberr<br /> | contributor_name1 = Gary Burns<br /> | contributor_email1 = <br /> | contributor_username1 = Gary.m.burns<br /> | contributor_name2 = <br /> | contributor_email2 = <br /> | contributor_username2 = <br /> | contributor_name3 = <br /> | contributor_email3 = <br /> | contributor_username3 = <br /> | contributor_name4 = <br /> | contributor_email4 = <br /> | contributor_username4 = <br /> | contributor_name5 = <br /> | contributor_email5 = <br /> | contributor_username5 = <br /> | contributor_name6 = <br /> | contributor_email6 = <br /> | contributor_username6 = <br /> | contributor_name7 = <br /> | contributor_email7 = <br /> | contributor_username7 = <br /> | contributor_name8 = <br /> | contributor_email8 = <br /> | contributor_username8 = <br /> | contributor_name9 = <br /> | contributor_email9 = <br /> | contributor_username9 = <br /> | contributor_name10 = <br /> | contributor_email10 = <br /> | contributor_username10 = <br /> | pamphlet_link = <br /> | presentation_link = <br /> | mailing_list_name = owasp-org<br /> | links_url1 = http://code.google.com/p/org2/<br /> | links_name1 = Code<br /> | links_url2 = http://owasprox.blogspot.com/search/label/org2<br /> | links_name2 = Blog<br /> | links_url3 = <br /> | links_name3 = <br /> | links_url4 = <br /> | links_name4 = <br /> | links_url5 = <br /> | links_name5 = <br /> | links_url6 = <br /> | links_name6 = <br /> | links_url7 = <br /> | links_name7 = <br /> | links_url8 = <br /> | links_name8 = <br /> | links_url9 = <br /> | links_name9 = <br /> | links_url10 = <br /> | links_name10 = <br /> | project_road_map = http://code.google.com/p/org2/wiki/RoadMap<br /> | project_health_status = <br /> | current_release_name = ORG v.088 <br /> | current_release_date = August 2009<br /> | current_release_download_link = http://sourceforge.net/project/downloading.php?group_id=64424&use_mirror=osdn&filename=ORG_v0.88.msi<br /> | current_release_details = :Category:OWASP_Report_Generator_Project_-_ORG_v.088_Release<br /> | current_release_rating = - 1<br /> | current_release_leader_name = Dinis Cruz<br /> | current_release_leader_email = <br /> | current_release_leader_username = Dinis.cruz<br /> | last_reviewed_release_name = <br /> | last_reviewed_release_date = <br /> | last_reviewed_release_download_link = <br /> | last_reviewed_release_rating = <br /> | last_reviewed_release_leader_name = <br /> | last_reviewed_release_leader_email = <br /> | last_reviewed_release_leader_username = <br /> | old_release_name1 = <br /> | old_release_date1 = <br /> | old_release_download_link1 = <br /> | old_release_name2 = <br /> | old_release_date2 = <br /> | old_release_download_link2 = <br /> | old_release_name3 = <br /> | old_release_date3 = <br /> | old_release_download_link3 = <br /> | old_release_name4 = <br /> | old_release_date4 = <br /> | old_release_download_link4 = <br /> | old_release_name5 = <br /> | old_release_date5 = <br /> | old_release_download_link5 = <br /> }} <br /> __NOTOC__ <headertabs /></div>

Mroxberr https://wiki.owasp.org/index.php?title=Template:OWASP_Report_Generator_Project_-_GPC_Tab_-_Project_Information&diff=66537 Template:OWASP Report Generator Project - GPC Tab - Project Information 2009-07-24T17:26:45Z

<p>Mroxberr: </p> <hr /> <div>{{ Template:Project Information<br /> <br /> | Project Name <br /> = OWASP Report Generator Project<br /> <br /> | Purpose <br /> = The ORG (OWASP Report Generator) is a multi-purpose reporting tool designed to be extensible for various reporting needs. By using what is known as a provider model, report providers can be plugged in to ORG. OWASP Report Providers will include Penetration Testing and SDL. The Penetration Testing Report Provider supports the documentation and reporting of security vulnerabilities discovered during security audits. The SDL Report Provider supports the documentation and reporting requirements of the Secure Development Lifecycle. Beyond OWASP Report Providers, the community can leverage the ORG for their own reporting needs.<br /> <br /> | Project License <br /> = [http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License]<br /> <br /> | Project Leader - Name <br /> = [[:user:Mroxberr|Mark Roxberry]]<br /> <br /> | Project Maintainer - Name <br /> = [[:user:Mroxberr|Mark Roxberry]]<br /> <br /> | Project Contributor(s) - Name(s) <br /> = [[:User:Gary.m.burns|Gary Burns]]<br /> <br /> | 3x slide presentation <br /> = To Do<br /> <br /> | Project Flyer/Pamphlet <br /> = To Do<br /> <br /> | Mail list <br /> = [https://lists.owasp.org/mailman/admin/owasp-org Subscribe or read the archives]<br /> <br /> | Project Roadmap <br /> = http://code.google.com/p/org2/wiki/RoadMap <br /> <br /> | Project main links <br /> = [http://code.google.com/p/org2/ Code], [http://owasprox.blogspot.com/search/label/org2 Blog]<br /> <br /> | Project Health <br /> = [[Image:Yellow button.JPG|25px]] [[:Category:OWASP Report Generator Project - Health Assessment|Not reviewed]]<br /> <br /> | Assessment Criteria Version <br /> = [[:Assessing Project Health|Assessment Criteria v2.0]]<br /> <br /> }}</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_Encrypted_Syndication_Project&diff=64766 Category:OWASP Encrypted Syndication Project 2009-06-22T21:31:40Z

<p>Mroxberr: /* Joining the Project */</p> <hr /> <div>[[Category:OWASP Project]]<br /> [[Category:OWASP Tool]]<br /> [[Category:OWASP Alpha Quality Tool]]<br /> <br /> ==== Main ====<br /> <br /> '''Purpose'''<br /> <br /> '''Vision'''<br /> <br /> '''Goals'''<br /> <br /> '''Architecture'''<br /> <br /> ==== Roadmap ====<br /> <br /> ==== Tracking ====<br /> <br /> ==== Resources ====<br /> <br /> ==== References ====<br /> <br /> ==== Procedures ====<br /> <br /> ==== Project Identification ====<br /> <br /> __NOTOC__<br /> <headertabs/><br /> <br /> <br /> == Joining the Project==<br /> <br /> Project mailing list: https://lists.owasp.org/mailman/listinfo/owasp_encrypted_syndication<br /> <br /> The Project code is hosted at Codeplex: http://encryptsyn.codeplex.com/</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_Cryttr_-_Encrypted_Twitter_Project&diff=64357 Category:OWASP Cryttr - Encrypted Twitter Project 2009-06-18T16:46:50Z

<p>Mroxberr: </p> <hr /> <div>[[Category:OWASP Project]]<br /> [[Category:OWASP Tool]]<br /> [[Category:OWASP Alpha Quality Tool]]<br /> <br /> ==== Main ====<br /> <br /> '''Purpose'''<br /> <br /> Cryttr is a set of client tools to enable encrypted syndication and provide a front end to protect user's content. The proof of concept uses Twitter and the Twitter API to post encrypted "tweets" and decrypt "tweets" using a shared passkey. Cryttr uses the "encrypted syndication protocol" to connect to open internet resources via published APIs to encrypt and decrypt syndicated content.<br /> <br /> <br /> '''Vision'''<br /> <br /> * Cryttr protects messages and allows user to control syndication of protected messages<br /> * Storage providers cannot index or aggregate information from published encrypted messages<br /> * Cryttr is simple to use, simple to install<br /> <br /> <br /> '''Goals'''<br /> <br /> * Create a simple method for key exchange / project membership (ESP)<br /> * Create a provider model to access popular open blog/social networking API's (Blogger, Wordpress, Flickr, Facebook) (ESP)<br /> * Create a provider model to subscribe to syndicated feed types, e.g. RSS, ATOM. (ESP)<br /> * Provide the ability to serialize and transfer documents as "posts". (ESP)<br /> * Design UI to switch providers<br /> * Cryttr for Flash<br /> * Cryttr for Android<br /> * Cryttr for Desktops<br /> <br /> <br /> '''Architecture'''<br /> <br /> (WIP)<br /> * Server Components<br /> * Client Components<br /> * Client UI<br /> <br /> <br /> ==== Roadmap ====<br /> <br /> ==== Tracking ====<br /> <br /> ==== Resources ====<br /> <br /> ==== References ====<br /> <br /> ==== Procedures ====<br /> <br /> ==== Project Identification ====<br /> <br /> __NOTOC__<br /> <headertabs/><br /> <br /> <br /> == Joining the Project==<br /> <br /> If you'd like to contribute visit the [http://www.codeplex.com/cryttr Cryttr Project Workspace],</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_Cryttr_-_Encrypted_Twitter_Project&diff=64356 Category:OWASP Cryttr - Encrypted Twitter Project 2009-06-18T16:42:07Z

<p>Mroxberr: </p> <hr /> <div>[[Category:OWASP Project]]<br /> [[Category:OWASP Tool]]<br /> [[Category:OWASP Alpha Quality Tool]]<br /> <br /> ==== Main ====<br /> <br /> '''Purpose'''<br /> <br /> Cryttr is a set of client tools to enable encrypted syndication and provide a front end to protect user's content. The proof of concept uses Twitter and the Twitter API to post encrypted "tweets" and decrypt "tweets" using a shared passkey. Cryttr uses the "encrypted syndication protocol" to connect to open internet resources via published APIs to encrypt and decrypt syndicated content.<br /> <br /> <br /> '''Vision'''<br /> <br /> * Cryttr protects messages and allows user to control syndication of protected messages<br /> * Storage providers cannot index or aggregate information from published encrypted messages<br /> * Cryttr is simple to use, simple to install<br /> <br /> <br /> '''Goals'''<br /> <br /> * Create a simple method for key exchange / project membership (ESP)<br /> * Create a provider model to access popular open blog/social networking API's (Blogger, Wordpress, Flickr, Facebook) (ESP)<br /> * Create a provider model to subscribe to syndicated feed types, e.g. RSS, ATOM. (ESP)<br /> * Provide the ability to serialize and transfer documents as "posts". (ESP)<br /> * Design UI to switch providers<br /> * Cryttr for Flash<br /> * Cryttr for Android<br /> * Cryttr for Desktops<br /> <br /> '''Architecture'''<br /> (WIP)<br /> * Server Components<br /> * Client Components<br /> * Client UI<br /> <br /> <br /> ==== Roadmap ====<br /> <br /> ==== Tracking ====<br /> <br /> ==== Resources ====<br /> <br /> ==== References ====<br /> <br /> ==== Procedures ====<br /> <br /> ==== Project Identification ====<br /> <br /> __NOTOC__<br /> <headertabs/></div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_Cryttr_-_Encrypted_Twitter_Project&diff=64355 Category:OWASP Cryttr - Encrypted Twitter Project 2009-06-18T16:36:40Z

<p>Mroxberr: </p> <hr /> <div>[[Category:OWASP Project]]<br /> [[Category:OWASP Tool]]<br /> [[Category:OWASP Alpha Quality Tool]]<br /> <br /> ==== Main ====<br /> <br /> '''Purpose'''<br /> <br /> Cryttr is a set of client tools to enable encrypted syndication and provide a front end to protect user's content. The proof of concept uses Twitter and the Twitter API to post encrypted "tweets" and decrypt "tweets" using a shared passkey. Cryttr uses the "encrypted syndication protocol" to connect to open internet resources via published APIs to encrypt and decrypt syndicated content.<br /> <br /> <br /> '''Vision'''<br /> <br /> * Cryttr protects messages and allows user to control syndication of protected messages<br /> * Storage providers cannot index or aggregate information from published encrypted messages<br /> * Cryttr is simple to use, simple to install<br /> <br /> <br /> '''Goals'''<br /> <br /> * Create a simple method for key exchange / project membership<br /> * Create a provider model to access popular open blog/social networking API's (Blogger, Wordpress, Flickr, Facebook)<br /> * Create a provider model to subscribe to syndicated feed types, e.g. RSS, ATOM.<br /> * Provide the ability to serialize and transfer documents as "posts".<br /> * Improve UI to switch providers<br /> * Cryttr for Flash<br /> * Cryttr for Android<br /> * Cryttr for Desktops<br /> <br /> <br /> ==== Roadmap ====<br /> <br /> ==== Tracking ====<br /> <br /> ==== Resources ====<br /> <br /> ==== References ====<br /> <br /> ==== Procedures ====<br /> <br /> ==== Project Identification ====<br /> <br /> __NOTOC__<br /> <headertabs/></div>

Mroxberr https://wiki.owasp.org/index.php?title=.NET_Penetration_Testing&diff=62235 .NET Penetration Testing 2009-05-27T14:36:29Z

<p>Mroxberr: </p> <hr /> <div>{| align="right" class="wikitable"<br /> |-<br /> ! .NET Security Quick Reference<br /> |- <br /> | <br /> *[[OWASP WebGoat Project]]<br /><br /> |-<br /> |}<br /> ==.NET Penetration Testing==<br /> Plan, Discover, Attack and Report - this section is for tools, checklists and references for penetration testing .NET web applications and services.<br /> <br /> ===Areas of Concern===<br /> *Planning the hack<br /> <br /> *Ethically hacking<br /> <br /> *Attack Vectors<br /> <br /> *Intelligence gathering<br /> <br /> *Reporting<br /> <br /> ===Blogs, Articles & Projects===<br /> [[OWASP .NET Vulnerability Research]]<br /> <br /> [http://blogs.msdn.com/hackers/ MSDN Hackers]<br /> <br /> [http://msdn.microsoft.com/en-us/magazine/cc507646.aspx MSDN Magazine: Security Briefs: Penetration Testing]<br /> <br /> [http://blogs.microsoft.co.il/blogs/alikl/archive/2006/12/29/Wrong-Way-To-Do-Penetration-Testing.aspx Wrong Way to Do Penetration Testing]<br /> <br /> ===Online Media (Podcasts, Webcasts, Presentations, eBooks etc.)===<br /> [http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032308087&CountryCode=US MSDN Webcast: Penetration Testing with Visual Studio Team System and Fortify Security Tester]<br /> <br /> [http://www.hackerz.ir/e-books/Penetration%20Testing%20For%20Web%20Applications%20Part%201.pdf Penetration Testing for Web Applications Part 1 (PDF)]<br /> <br /> [http://www.hackerz.ir/e-books/Penetration%20Testing%20For%20Web%20Applications%20Part%202.pdf Penetration Testing for Web Applications Part 2 (PDF)]<br /> <br /> ===References===<br /> [http://www.owasp.org/index.php/Rooting_The_CLR Rooting the CLR (Draft)]<br /> <br /> [http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf NIST 800-42 Guideline on Network Security Testing]<br /> <br /> [http://www.isecom.org/osstmm ISECOM Open Source Security Testing Methodology Manual]<br /> <br /> [http://www.oissg.org/issaf/index.php OISSG Information Systems Security Assessment Framework (ISSAF)]<br /> <br /> ===Tools===<br /> [http://www.owasp.org/index.php/Source_Code_Audit_Tools Source Code Audit Tools]</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=62234 Category:OWASP .NET Project 2009-05-27T14:24:15Z

<p>Mroxberr: </p> <hr /> <div>[[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of security resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> ==== Resources ====<br /> === Member Contributions ===<br /> ; [https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]<br /> === Recommended Resources ===<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> === Security Guides ===<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> === Active Projects ===<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> === Research Projects ===<br /> ; [[OWASP .NET Research]]<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> <br /> ; [http://forums.asp.net/25.aspx ASP.NET Security Forum]<br /> <br /> ; [http://msdn.microsoft.com/en-us/security/aa570336.aspx MSDN Security Developer Lists and Newsgroups]<br /> <br /> ; [http://silverlight.net/forums/ Silverlight Forums]<br /> <br /> ; [http://www.go-mono.com/forums/ Mono Forums]<br /> <br /> ; [http://stackoverflow.com/questions/tagged/security+asp.net StackOverflow.com Security Questions]<br /> <br /> ; [ALT.NET User Groups]<br /> <br /> * May 7, 2009 - Updated tabs, added content recommended by Andre Gironda<br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> ==== Project Identification ====<br /> ; {{:Project Information:template .NET Project}}<br /> <br /> <br /> __NOTOC__<br /> <headertabs/><br /> <br /><br /> '''Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.'''<br /> <br /><br /> == Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Recommended_Resources&diff=60320 OWASP .NET Recommended Resources 2009-05-07T20:08:38Z

<p>Mroxberr: /* OWASP */</p> <hr /> <div>{| align="right" class="wikitable"<br /> |-<br /> ! OWASP .NET Quick Reference<br /> |- <br /> | <br /> *[[OWASP Code Review Project]]<br /><br /> *[[OWASP Testing Guide]]<br /><br /> |-<br /> |}<br /> ==OWASP .NET Recommended Resources==<br /> <br /> <br /> ===Areas of Concern===<br /> <br /> *Getting Started<br /> <br /> *Tutorials<br /> <br /> *Best Practices<br /> <br /> *OWASP Guidance and Tools<br /> <br /> ===Blogs & People===<br /> <br /> ===== OWASP =====<br /> [https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]<br /> <br /> ==== General ====<br /> [http://securitybuddha.com/ Mark Curphrey's Blog]<br /> <br /> [http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]<br /> <br /> [http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]<br /> <br /> [http://www.leastprivilege.com Dominick Baier's Blog]<br /> <br /> [http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog]<br /> <br /> [http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]<br /> <br /> ===Advisories, Articles & Projects===<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998404.aspx patterns & practices Security Engineering Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998408.aspx patterns & practices Security Guidance for Applications Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]<br /> <br /> [http://www.developer.com/design/article.php/3607471 Solutions to SOA Security]<br /> <br /> [http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]<br /> <br /> [http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]<br /> <br /> [http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]<br /> <br /> ===Online References, Training===<br /> <br /> [http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]<br /> <br /> [http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HomePage Patterns and Practices Security Wiki]<br /> <br /> [http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]<br /> <br /> [http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]<br /> <br /> [http://www.pluralsight.com/main/olt/Module.aspx?a=keith-brown&n=aspdotnet-security&cn=aspdotnet-fundamentals ASP.NET Security Webcasts - Kieth Brown]<br /> <br /> ===Books and Publications===<br /> <br /> [http://www.microsoft.com/mspress/books/5957.aspx Writing Secure Code], Michael Howard and David LeBlanc<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=2412c443-27f6-4aac-9883-f55ba5b01814&displaylang=en&Hash=4fZb2FzZ7%2bmaj0VqoUbFZzzw0WW5%2bxWjK3XBVit5eX%2b%2bB90vmLtZlAstlNg9cRu6Pg%2b50DNCMhGT6ADei7DgFg%3d%3d Microsoft Security Development Lifecycle 3.2]<br /> <br /> [http://msdn.microsoft.com/en-us/library/aa302415.aspx Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication], J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms994921.aspx Improving Web Application Security: Threats and Countermeasures], J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan<br /> <br /> [http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom<br /> <br /> ===Tools===<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]<br /> <br /> [http://www.codeplex.com/guidanceExplorer Patterns and Practices Guidance Explorer]<br /> <br /> [http://blogs.msdn.com/alikl/archive/2007/03/26/security-net-code-inspection-using-outlook-2007.aspx Security Code Review Checklist Generator]<br /> <br /> [http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]<br /> <br /> [http://learn.iis.net/page.aspx/473/using-urlscan URLScan]<br /> <br /> [http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]<br /> <br /> [http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Scrawlr]<br /> <br /> [http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Recommended_Resources&diff=60319 OWASP .NET Recommended Resources 2009-05-07T20:05:35Z

<p>Mroxberr: /* Online References */</p> <hr /> <div>{| align="right" class="wikitable"<br /> |-<br /> ! OWASP .NET Quick Reference<br /> |- <br /> | <br /> *[[OWASP Code Review Project]]<br /><br /> *[[OWASP Testing Guide]]<br /><br /> |-<br /> |}<br /> ==OWASP .NET Recommended Resources==<br /> <br /> <br /> ===Areas of Concern===<br /> <br /> *Getting Started<br /> <br /> *Tutorials<br /> <br /> *Best Practices<br /> <br /> *OWASP Guidance and Tools<br /> <br /> ===Blogs & People===<br /> <br /> ===== OWASP =====<br /> ; [https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]<br /> <br /> ==== General ====<br /> [http://securitybuddha.com/ Mark Curphrey's Blog]<br /> <br /> [http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]<br /> <br /> [http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]<br /> <br /> [http://www.leastprivilege.com Dominick Baier's Blog]<br /> <br /> [http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog]<br /> <br /> [http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]<br /> <br /> ===Advisories, Articles & Projects===<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998404.aspx patterns & practices Security Engineering Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998408.aspx patterns & practices Security Guidance for Applications Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]<br /> <br /> [http://www.developer.com/design/article.php/3607471 Solutions to SOA Security]<br /> <br /> [http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]<br /> <br /> [http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]<br /> <br /> [http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]<br /> <br /> ===Online References, Training===<br /> <br /> [http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]<br /> <br /> [http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HomePage Patterns and Practices Security Wiki]<br /> <br /> [http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]<br /> <br /> [http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]<br /> <br /> [http://www.pluralsight.com/main/olt/Module.aspx?a=keith-brown&n=aspdotnet-security&cn=aspdotnet-fundamentals ASP.NET Security Webcasts - Kieth Brown]<br /> <br /> ===Books and Publications===<br /> <br /> [http://www.microsoft.com/mspress/books/5957.aspx Writing Secure Code], Michael Howard and David LeBlanc<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=2412c443-27f6-4aac-9883-f55ba5b01814&displaylang=en&Hash=4fZb2FzZ7%2bmaj0VqoUbFZzzw0WW5%2bxWjK3XBVit5eX%2b%2bB90vmLtZlAstlNg9cRu6Pg%2b50DNCMhGT6ADei7DgFg%3d%3d Microsoft Security Development Lifecycle 3.2]<br /> <br /> [http://msdn.microsoft.com/en-us/library/aa302415.aspx Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication], J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms994921.aspx Improving Web Application Security: Threats and Countermeasures], J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan<br /> <br /> [http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom<br /> <br /> ===Tools===<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]<br /> <br /> [http://www.codeplex.com/guidanceExplorer Patterns and Practices Guidance Explorer]<br /> <br /> [http://blogs.msdn.com/alikl/archive/2007/03/26/security-net-code-inspection-using-outlook-2007.aspx Security Code Review Checklist Generator]<br /> <br /> [http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]<br /> <br /> [http://learn.iis.net/page.aspx/473/using-urlscan URLScan]<br /> <br /> [http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]<br /> <br /> [http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Scrawlr]<br /> <br /> [http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Recommended_Resources&diff=60318 OWASP .NET Recommended Resources 2009-05-07T20:04:57Z

<p>Mroxberr: /* Online References */</p> <hr /> <div>{| align="right" class="wikitable"<br /> |-<br /> ! OWASP .NET Quick Reference<br /> |- <br /> | <br /> *[[OWASP Code Review Project]]<br /><br /> *[[OWASP Testing Guide]]<br /><br /> |-<br /> |}<br /> ==OWASP .NET Recommended Resources==<br /> <br /> <br /> ===Areas of Concern===<br /> <br /> *Getting Started<br /> <br /> *Tutorials<br /> <br /> *Best Practices<br /> <br /> *OWASP Guidance and Tools<br /> <br /> ===Blogs & People===<br /> <br /> ===== OWASP =====<br /> ; [https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]<br /> <br /> ==== General ====<br /> [http://securitybuddha.com/ Mark Curphrey's Blog]<br /> <br /> [http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]<br /> <br /> [http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]<br /> <br /> [http://www.leastprivilege.com Dominick Baier's Blog]<br /> <br /> [http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog]<br /> <br /> [http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]<br /> <br /> ===Advisories, Articles & Projects===<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998404.aspx patterns & practices Security Engineering Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998408.aspx patterns & practices Security Guidance for Applications Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]<br /> <br /> [http://www.developer.com/design/article.php/3607471 Solutions to SOA Security]<br /> <br /> [http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]<br /> <br /> [http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]<br /> <br /> [http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]<br /> <br /> ===Online References===<br /> <br /> [http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]<br /> <br /> [http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HomePage Patterns and Practices Security Wiki]<br /> <br /> [http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]<br /> <br /> [http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]<br /> <br /> =====Webcasts=====<br /> [http://www.pluralsight.com/main/olt/Module.aspx?a=keith-brown&n=aspdotnet-security&cn=aspdotnet-fundamentals ASP.NET Security - Kieth Brown]<br /> <br /> ===Books and Publications===<br /> <br /> [http://www.microsoft.com/mspress/books/5957.aspx Writing Secure Code], Michael Howard and David LeBlanc<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=2412c443-27f6-4aac-9883-f55ba5b01814&displaylang=en&Hash=4fZb2FzZ7%2bmaj0VqoUbFZzzw0WW5%2bxWjK3XBVit5eX%2b%2bB90vmLtZlAstlNg9cRu6Pg%2b50DNCMhGT6ADei7DgFg%3d%3d Microsoft Security Development Lifecycle 3.2]<br /> <br /> [http://msdn.microsoft.com/en-us/library/aa302415.aspx Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication], J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms994921.aspx Improving Web Application Security: Threats and Countermeasures], J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan<br /> <br /> [http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom<br /> <br /> ===Tools===<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]<br /> <br /> [http://www.codeplex.com/guidanceExplorer Patterns and Practices Guidance Explorer]<br /> <br /> [http://blogs.msdn.com/alikl/archive/2007/03/26/security-net-code-inspection-using-outlook-2007.aspx Security Code Review Checklist Generator]<br /> <br /> [http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]<br /> <br /> [http://learn.iis.net/page.aspx/473/using-urlscan URLScan]<br /> <br /> [http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]<br /> <br /> [http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Scrawlr]<br /> <br /> [http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Recommended_Resources&diff=60317 OWASP .NET Recommended Resources 2009-05-07T20:03:27Z

<p>Mroxberr: </p> <hr /> <div>{| align="right" class="wikitable"<br /> |-<br /> ! OWASP .NET Quick Reference<br /> |- <br /> | <br /> *[[OWASP Code Review Project]]<br /><br /> *[[OWASP Testing Guide]]<br /><br /> |-<br /> |}<br /> ==OWASP .NET Recommended Resources==<br /> <br /> <br /> ===Areas of Concern===<br /> <br /> *Getting Started<br /> <br /> *Tutorials<br /> <br /> *Best Practices<br /> <br /> *OWASP Guidance and Tools<br /> <br /> ===Blogs & People===<br /> <br /> ===== OWASP =====<br /> ; [https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]<br /> <br /> ==== General ====<br /> [http://securitybuddha.com/ Mark Curphrey's Blog]<br /> <br /> [http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]<br /> <br /> [http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]<br /> <br /> [http://www.leastprivilege.com Dominick Baier's Blog]<br /> <br /> [http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog]<br /> <br /> [http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]<br /> <br /> ===Advisories, Articles & Projects===<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998404.aspx patterns & practices Security Engineering Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998408.aspx patterns & practices Security Guidance for Applications Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]<br /> <br /> [http://www.developer.com/design/article.php/3607471 Solutions to SOA Security]<br /> <br /> [http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]<br /> <br /> [http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]<br /> <br /> [http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]<br /> <br /> ===Online References===<br /> <br /> [http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]<br /> <br /> [http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HomePage Patterns and Practices Security Wiki]<br /> <br /> [http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]<br /> <br /> [http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]<br /> <br /> ===Books and Publications===<br /> <br /> [http://www.microsoft.com/mspress/books/5957.aspx Writing Secure Code], Michael Howard and David LeBlanc<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=2412c443-27f6-4aac-9883-f55ba5b01814&displaylang=en&Hash=4fZb2FzZ7%2bmaj0VqoUbFZzzw0WW5%2bxWjK3XBVit5eX%2b%2bB90vmLtZlAstlNg9cRu6Pg%2b50DNCMhGT6ADei7DgFg%3d%3d Microsoft Security Development Lifecycle 3.2]<br /> <br /> [http://msdn.microsoft.com/en-us/library/aa302415.aspx Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication], J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms994921.aspx Improving Web Application Security: Threats and Countermeasures], J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan<br /> <br /> [http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom<br /> <br /> ===Tools===<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]<br /> <br /> [http://www.codeplex.com/guidanceExplorer Patterns and Practices Guidance Explorer]<br /> <br /> [http://blogs.msdn.com/alikl/archive/2007/03/26/security-net-code-inspection-using-outlook-2007.aspx Security Code Review Checklist Generator]<br /> <br /> [http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]<br /> <br /> [http://learn.iis.net/page.aspx/473/using-urlscan URLScan]<br /> <br /> [http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]<br /> <br /> [http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Scrawlr]<br /> <br /> [http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Recommended_Resources&diff=60316 OWASP .NET Recommended Resources 2009-05-07T20:02:47Z

<p>Mroxberr: /* General */</p> <hr /> <div>{| align="right" class="wikitable"<br /> |-<br /> ! OWASP .NET Quick Reference<br /> |- <br /> | <br /> *[[OWASP Code Review Project]]<br /><br /> *[[OWASP Testing Guide]]<br /><br /> |-<br /> |}<br /> ==OWASP .NET Recommended Resources==<br /> <br /> <br /> ===Areas of Concern===<br /> <br /> *Getting Started<br /> <br /> *Tutorials<br /> <br /> *Best Practices<br /> <br /> *OWASP Guidance and Tools<br /> <br /> ===Advisories, Articles & Projects===<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998404.aspx patterns & practices Security Engineering Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998408.aspx patterns & practices Security Guidance for Applications Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]<br /> <br /> [http://www.developer.com/design/article.php/3607471 Solutions to SOA Security]<br /> <br /> [http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]<br /> <br /> [http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]<br /> <br /> [http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]<br /> <br /> ===Online References===<br /> <br /> [http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]<br /> <br /> [http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HomePage Patterns and Practices Security Wiki]<br /> <br /> [http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]<br /> <br /> [http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]<br /> <br /> ===Books and Publications===<br /> <br /> [http://www.microsoft.com/mspress/books/5957.aspx Writing Secure Code], Michael Howard and David LeBlanc<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=2412c443-27f6-4aac-9883-f55ba5b01814&displaylang=en&Hash=4fZb2FzZ7%2bmaj0VqoUbFZzzw0WW5%2bxWjK3XBVit5eX%2b%2bB90vmLtZlAstlNg9cRu6Pg%2b50DNCMhGT6ADei7DgFg%3d%3d Microsoft Security Development Lifecycle 3.2]<br /> <br /> [http://msdn.microsoft.com/en-us/library/aa302415.aspx Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication], J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms994921.aspx Improving Web Application Security: Threats and Countermeasures], J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan<br /> <br /> [http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom<br /> <br /> ===Tools===<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]<br /> <br /> [http://www.codeplex.com/guidanceExplorer Patterns and Practices Guidance Explorer]<br /> <br /> [http://blogs.msdn.com/alikl/archive/2007/03/26/security-net-code-inspection-using-outlook-2007.aspx Security Code Review Checklist Generator]<br /> <br /> [http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]<br /> <br /> [http://learn.iis.net/page.aspx/473/using-urlscan URLScan]<br /> <br /> [http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]<br /> <br /> [http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Scrawlr]<br /> <br /> [http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]<br /> <br /> ===Blogs & People===<br /> <br /> ===== OWASP =====<br /> ; [https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]<br /> <br /> ==== General ====<br /> [http://securitybuddha.com/ Mark Curphrey's Blog]<br /> <br /> [http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]<br /> <br /> [http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]<br /> <br /> [http://www.leastprivilege.com Dominick Baier's Blog]<br /> <br /> [http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog]<br /> <br /> [http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Recommended_Resources&diff=60315 OWASP .NET Recommended Resources 2009-05-07T20:02:32Z

<p>Mroxberr: /* OWASP */</p> <hr /> <div>{| align="right" class="wikitable"<br /> |-<br /> ! OWASP .NET Quick Reference<br /> |- <br /> | <br /> *[[OWASP Code Review Project]]<br /><br /> *[[OWASP Testing Guide]]<br /><br /> |-<br /> |}<br /> ==OWASP .NET Recommended Resources==<br /> <br /> <br /> ===Areas of Concern===<br /> <br /> *Getting Started<br /> <br /> *Tutorials<br /> <br /> *Best Practices<br /> <br /> *OWASP Guidance and Tools<br /> <br /> ===Advisories, Articles & Projects===<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998404.aspx patterns & practices Security Engineering Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998408.aspx patterns & practices Security Guidance for Applications Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]<br /> <br /> [http://www.developer.com/design/article.php/3607471 Solutions to SOA Security]<br /> <br /> [http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]<br /> <br /> [http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]<br /> <br /> [http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]<br /> <br /> ===Online References===<br /> <br /> [http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]<br /> <br /> [http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HomePage Patterns and Practices Security Wiki]<br /> <br /> [http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]<br /> <br /> [http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]<br /> <br /> ===Books and Publications===<br /> <br /> [http://www.microsoft.com/mspress/books/5957.aspx Writing Secure Code], Michael Howard and David LeBlanc<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=2412c443-27f6-4aac-9883-f55ba5b01814&displaylang=en&Hash=4fZb2FzZ7%2bmaj0VqoUbFZzzw0WW5%2bxWjK3XBVit5eX%2b%2bB90vmLtZlAstlNg9cRu6Pg%2b50DNCMhGT6ADei7DgFg%3d%3d Microsoft Security Development Lifecycle 3.2]<br /> <br /> [http://msdn.microsoft.com/en-us/library/aa302415.aspx Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication], J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms994921.aspx Improving Web Application Security: Threats and Countermeasures], J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan<br /> <br /> [http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom<br /> <br /> ===Tools===<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]<br /> <br /> [http://www.codeplex.com/guidanceExplorer Patterns and Practices Guidance Explorer]<br /> <br /> [http://blogs.msdn.com/alikl/archive/2007/03/26/security-net-code-inspection-using-outlook-2007.aspx Security Code Review Checklist Generator]<br /> <br /> [http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]<br /> <br /> [http://learn.iis.net/page.aspx/473/using-urlscan URLScan]<br /> <br /> [http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]<br /> <br /> [http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Scrawlr]<br /> <br /> [http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]<br /> <br /> ===Blogs & People===<br /> <br /> ===== OWASP =====<br /> ; [https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]<br /> <br /> == General ==<br /> [http://securitybuddha.com/ Mark Curphrey's Blog]<br /> <br /> [http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]<br /> <br /> [http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]<br /> <br /> [http://www.leastprivilege.com Dominick Baier's Blog]<br /> <br /> [http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog]<br /> <br /> [http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Recommended_Resources&diff=60314 OWASP .NET Recommended Resources 2009-05-07T20:02:00Z

<p>Mroxberr: /* Blogs & People */</p> <hr /> <div>{| align="right" class="wikitable"<br /> |-<br /> ! OWASP .NET Quick Reference<br /> |- <br /> | <br /> *[[OWASP Code Review Project]]<br /><br /> *[[OWASP Testing Guide]]<br /><br /> |-<br /> |}<br /> ==OWASP .NET Recommended Resources==<br /> <br /> <br /> ===Areas of Concern===<br /> <br /> *Getting Started<br /> <br /> *Tutorials<br /> <br /> *Best Practices<br /> <br /> *OWASP Guidance and Tools<br /> <br /> ===Advisories, Articles & Projects===<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998404.aspx patterns & practices Security Engineering Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms998408.aspx patterns & practices Security Guidance for Applications Index]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0]<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]<br /> <br /> [http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]<br /> <br /> [http://www.developer.com/design/article.php/3607471 Solutions to SOA Security]<br /> <br /> [http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]<br /> <br /> [http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]<br /> <br /> [http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]<br /> <br /> ===Online References===<br /> <br /> [http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]<br /> <br /> [http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HomePage Patterns and Practices Security Wiki]<br /> <br /> [http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]<br /> <br /> [http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]<br /> <br /> ===Books and Publications===<br /> <br /> [http://www.microsoft.com/mspress/books/5957.aspx Writing Secure Code], Michael Howard and David LeBlanc<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=2412c443-27f6-4aac-9883-f55ba5b01814&displaylang=en&Hash=4fZb2FzZ7%2bmaj0VqoUbFZzzw0WW5%2bxWjK3XBVit5eX%2b%2bB90vmLtZlAstlNg9cRu6Pg%2b50DNCMhGT6ADei7DgFg%3d%3d Microsoft Security Development Lifecycle 3.2]<br /> <br /> [http://msdn.microsoft.com/en-us/library/aa302415.aspx Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication], J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy<br /> <br /> [http://msdn.microsoft.com/en-us/library/ms994921.aspx Improving Web Application Security: Threats and Countermeasures], J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan<br /> <br /> [http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom<br /> <br /> ===Tools===<br /> <br /> [http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]<br /> <br /> [http://www.codeplex.com/guidanceExplorer Patterns and Practices Guidance Explorer]<br /> <br /> [http://blogs.msdn.com/alikl/archive/2007/03/26/security-net-code-inspection-using-outlook-2007.aspx Security Code Review Checklist Generator]<br /> <br /> [http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]<br /> <br /> [http://learn.iis.net/page.aspx/473/using-urlscan URLScan]<br /> <br /> [http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]<br /> <br /> [http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Scrawlr]<br /> <br /> [http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]<br /> <br /> ===Blogs & People===<br /> <br /> == OWASP ==<br /> ; [https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]<br /> <br /> == General ==<br /> [http://securitybuddha.com/ Mark Curphrey's Blog]<br /> <br /> [http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]<br /> <br /> [http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]<br /> <br /> [http://www.leastprivilege.com Dominick Baier's Blog]<br /> <br /> [http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog]<br /> <br /> [http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=60312 Category:OWASP .NET Project 2009-05-07T19:48:11Z

<p>Mroxberr: /* Project Content */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==Project Content==<br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> ==== Resources ====<br /> === Member Contributions ===<br /> ; [https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]<br /> === Recommended Resources ===<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> === Security Guides ===<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> === Active Projects ===<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> === Research Projects ===<br /> ; [[OWASP .NET Research]]<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> <br /> ; [http://forums.asp.net/25.aspx ASP.NET Security Forum]<br /> <br /> ; [http://msdn.microsoft.com/en-us/security/aa570336.aspx MSDN Security Developer Lists and Newsgroups]<br /> <br /> ; [http://silverlight.net/forums/ Silverlight Forums]<br /> <br /> ; [http://www.go-mono.com/forums/ Mono Forums]<br /> <br /> ; [http://stackoverflow.com/questions/tagged/security+asp.net StackOverflow.com Security Questions]<br /> <br /> ; [ALT.NET User Groups]<br /> <br /> * May 7, 2009 - Updated tabs, added content recommended by Andre Gironda<br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> <br /> <headertabs/><br /> <br /><br /> <br /><br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=60305 Category:OWASP .NET Project 2009-05-07T19:40:57Z

<p>Mroxberr: /* Project Content */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==Project Content==<br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> ==== Resources ====<br /> === Recommended Resources ===<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> === Security Guides ===<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> === Active Projects ===<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> === Research Projects ===<br /> ; [[OWASP .NET Research]]<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> <br /> ; [http://forums.asp.net/25.aspx ASP.NET Security Forum]<br /> <br /> ; [http://msdn.microsoft.com/en-us/security/aa570336.aspx MSDN Security Developer Lists and Newsgroups]<br /> <br /> ; [http://silverlight.net/forums/ Silverlight Forums]<br /> <br /> ; [http://www.go-mono.com/forums/ Mono Forums]<br /> <br /> ; [http://stackoverflow.com/questions/tagged/security+asp.net StackOverflow.com Security Questions]<br /> <br /> ; [ALT.NET User Groups]<br /> <br /> * May 7, 2009 - Updated tabs, added content recommended by Andre Gironda<br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> <br /> <headertabs/><br /> <br /><br /> <br /><br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=60304 Category:OWASP .NET Project 2009-05-07T19:40:28Z

<p>Mroxberr: /* Project Content */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==Project Content==<br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> |-<br /> |}<br /> <br /> ==== Resources ====<br /> === Recommended Resources ===<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> === Security Guides ===<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> === Active Projects ===<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> === Research Projects ===<br /> ; [[OWASP .NET Research]]<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> <br /> ; [http://forums.asp.net/25.aspx ASP.NET Security Forum]<br /> <br /> ; [http://msdn.microsoft.com/en-us/security/aa570336.aspx MSDN Security Developer Lists and Newsgroups]<br /> <br /> ; [http://silverlight.net/forums/ Silverlight Forums]<br /> <br /> ; [http://www.go-mono.com/forums/ Mono Forums]<br /> <br /> ; [http://stackoverflow.com/questions/tagged/security+asp.net StackOverflow.com Security Questions]<br /> <br /> ; [ALT.NET User Groups]<br /> <br /> * May 7, 2009 - Updated tabs, added content recommended by Andre Gironda<br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> <br /> <headertabs/><br /> <br /><br /> <br /><br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=60302 Category:OWASP .NET Project 2009-05-07T19:40:02Z

<p>Mroxberr: /* Project Content */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==Project Content==<br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> |-<br /> |}<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> <br /> ; [http://forums.asp.net/25.aspx ASP.NET Security Forum]<br /> <br /> ; [http://msdn.microsoft.com/en-us/security/aa570336.aspx MSDN Security Developer Lists and Newsgroups]<br /> <br /> ; [http://silverlight.net/forums/ Silverlight Forums]<br /> <br /> ; [http://www.go-mono.com/forums/ Mono Forums]<br /> <br /> ; [http://stackoverflow.com/questions/tagged/security+asp.net StackOverflow.com Security Questions]<br /> <br /> ; [ALT.NET User Groups]<br /> <br /> * May 7, 2009 - Updated tabs, added content recommended by Andre Gironda<br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> ==== Resources ====<br /> === Recommended Resources ===<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> === Security Guides ===<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> === Active Projects ===<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> === Research Projects ===<br /> ; [[OWASP .NET Research]]<br /> <br /> <headertabs/><br /> <br /><br /> <br /><br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=60300 Category:OWASP .NET Project 2009-05-07T19:36:16Z

<p>Mroxberr: /* Project Content */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==Project Content==<br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> |-<br /> |}<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> <br /> ; [http://forums.asp.net/25.aspx ASP.NET Security Forum]<br /> <br /> ; [http://msdn.microsoft.com/en-us/security/aa570336.aspx MSDN Security Developer Lists and Newsgroups]<br /> <br /> ; [http://silverlight.net/forums/ Silverlight Forums]<br /> <br /> ; [http://www.go-mono.com/forums/ Mono Forums]<br /> <br /> ; [http://stackoverflow.com/questions/tagged/security+asp.net StackOverflow.com Security Questions]<br /> <br /> ; [ALT.NET User Groups]<br /> <br /> <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> ==== Resources ====<br /> === Recommended Resources ===<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> === Security Guides ===<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> === Active Projects ===<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> === Research Projects ===<br /> ; [[OWASP .NET Research]]<br /> <br /> <headertabs/><br /> <br /><br /> <br /><br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=Project_Information:template_.NET_Project&diff=60298 Project Information:template .NET Project 2009-05-07T19:34:28Z

<p>Mroxberr: </p> <hr /> <div>----<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION''' <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''<br /> | colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP .NET Project''' <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description''' <br /> | colspan="7" style="width:85%; background:#cccccc" align="left"|The project will contain information, materials and software that are relevant to building secure .NET web applications and services. The goal of the project is to provide deep content for all roles related to .NET web applications and services including:<br /> * Architectural guidance,<br /> * Developer tools, information and checklists,<br /> * IT professional content (for those that deploy and maintain .NET websites),<br /> * Penetration testing resources,<br /> * Incident response resources. <br /> The OWASP .NET Project Leader will actively recruit .NET contributors, including personnel from Microsoft, but others throughout the .NET ecosystem. Including experts from communities from large companies to ISVs, from enterprise architects to ALT.NET developers will be important for the overall reach of the OWASP .NET project. Other communities to consider include developers who use Mono (.NET for Linux), including Moonlight (Silverlight for Linux).<br /> The OWASP .NET Project Leader will actively contribute to the OWASP projects that require .NET resources, by recruiting resources or contributing to the project. <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''<br /> | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:Mroxberr|'''Mark Roxberry''']]<br /> | style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if any)<br /> | style="width:10%; background:#cccccc" align="center"|Mailing list<br>[https://lists.owasp.org/mailman/listinfo/owasp-dotnet '''Subscribe here''']<br>[mailto:owasp-dotnet(at)lists.owasp.org@lists.owasp.org '''Use here''']<br /> | style="width:17%; background:#cccccc" align="center"|License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br /> | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Beta Status Projects|'''Documentation''']]<br /> | style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']] <br /> |}<br /> {| style="width:100%" border="0" align="center" <br /> ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Release Status''' <br /> ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Main Links'''<br /> ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects''' <br /> |-<br /> | style="width:29%; background:#cccccc" align="center"|<br /> Provisory [[:Category:OWASP_Project_Assessment#Beta_Quality_Documentation_Criteria|'''Beta Quality''']]<br>[[:OWASP .NET Project - Assessment Frame|Please see here for complete information.]]<br /> | style="width:42%; background:#cccccc" align="center"|<br /> [http://www.owasp.org/images/0/00/OWASP_dotNet_2008.pptx OWASP .Net Project PowerPoint Presentation]<br>[https://www.owasp.org/index.php/Category:OWASP_.NET_Project OWASP .NET]<br>[http://owasprox.blogspot.com/ Tracking Blog for OWASP .NET Project Lead]<br /> | style="width:29%; background:#cccccc" align="center"|<br /> [[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]<br>[[OWASP Testing Guide]]<br>[[.Net Assembly Analyzer]]<br>[[OWASP WebGoat Project]]<br>[[OWASP WebScarab Project]]<br>[http://code.google.com/p/owasp-net-content/ OWASP .NET Content Project]<br /> |}<br /> ----</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=57769 Category:OWASP .NET Project 2009-04-01T02:02:26Z

<p>Mroxberr: /* Project Content */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==Project Content==<br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> |-<br /> |}<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> <br /> ; [http://forums.asp.net/25.aspx ASP.NET Security Forum]<br /> <br /> ; [http://msdn.microsoft.com/en-us/security/aa570336.aspx MSDN Security Developer Lists and Newsgroups]<br /> <br /> ; [http://silverlight.net/forums/ Silverlight Forums]<br /> <br /> ; [http://www.go-mono.com/forums/ Mono Forums]<br /> <br /> ; [http://stackoverflow.com/questions/tagged/security+asp.net StackOverflow.com Security Questions]<br /> <br /> ; [ALT.NET User Groups]<br /> <br /> <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> ==== Resources ====<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> ==== Security Guides ====<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> ==== Active Projects ====<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> ==== Research Projects ====<br /> ; [[OWASP .NET Research]]<br /> <br /> <headertabs/><br /> <br /><br /> <br /><br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=57768 Category:OWASP .NET Project 2009-04-01T01:58:23Z

<p>Mroxberr: /* Project Content */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==Project Content==<br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> |-<br /> |}<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> <br /> ; [http://forums.asp.net/25.aspx| ASP.NET Security Forum]<br /> <br /> ; [http://msdn.microsoft.com/en-us/security/aa570336.aspx| MSDN Security Developer Lists and Newsgroups]<br /> <br /> ; [http://silverlight.net/forums/| Silverlight Forums]<br /> <br /> ; [http://www.go-mono.com/forums/| Mono Forums]<br /> <br /> ; [http://stackoverflow.com/questions/tagged/security+asp.net/| StackOverflow.com Security Questions]<br /> <br /> ; [ALT.NET User Groups]<br /> <br /> <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> ==== Resources ====<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> ==== Security Guides ====<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> ==== Active Projects ====<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> ==== Research Projects ====<br /> ; [[OWASP .NET Research]]<br /> <br /> <headertabs/><br /> <br /><br /> <br /><br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=57767 Category:OWASP .NET Project 2009-04-01T01:56:50Z

<p>Mroxberr: /* Project Content */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==Project Content==<br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> |-<br /> |}<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> <br /> ; [http://forums.asp.net/25.aspx| ASP.NET Security Forum]<br /> <br /> ; [http://msdn.microsoft.com/en-us/security/aa570336.aspx| MSDN Security Developer Lists and Newsgroups]<br /> <br /> ; [http://silverlight.net/forums/| Silverlight Forums]<br /> <br /> ; [http://www.go-mono.com/forums/| Mono Forums]<br /> <br /> ; [http://stackoverflow.com/questions/tagged/security+asp.net| StackOverflow.com Security Questions]<br /> <br /> ; [ALT.NET User Groups]<br /> <br /> <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> ==== Resources ====<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> ==== Security Guides ====<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> ==== Active Projects ====<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> ==== Research Projects ====<br /> ; [[OWASP .NET Research]]<br /> <br /> <headertabs/><br /> <br /><br /> <br /><br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=57766 Category:OWASP .NET Project 2009-04-01T01:54:14Z

<p>Mroxberr: /* Project Content */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==Project Content==<br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> |-<br /> |}<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> <br /> ; [http://forums.asp.net/25.aspx| ASP.NET Security Forum]<br /> <br /> ; [http://msdn.microsoft.com/en-us/security/aa570336.aspx| MSDN Security Developer Lists and Newsgroups]<br /> <br /> ; [http://silverlight.net/forums/| Silverlight Forums]<br /> <br /> ; [http://www.go-mono.com/forums/| Mono Forums]<br /> <br /> ; [http://stackoverflow.com/questions/tagged/security+asp.net | StackOverflow.com Security Questions]<br /> <br /> ; [ALT.NET User Groups]<br /> <br /> <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> ==== Resources ====<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> ==== Security Guides ====<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> ==== Active Projects ====<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> ==== Research Projects ====<br /> ; [[OWASP .NET Research]]<br /> <br /> <headertabs/><br /> <br /><br /> <br /><br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Project_-_Assessment_Frame&diff=57238 OWASP .NET Project - Assessment Frame 2009-03-23T16:38:44Z

<p>Mroxberr: </p> <hr /> <div>[[:Category:OWASP .NET Project|Click here to return to project's main page]].<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="2" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION''' <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''<br /> | colspan="1" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP .NET Project''' <br /> |}<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS - OWASP Summer of Code 2008<br /> |-<br /> | style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer''' <br /> | style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>[[User:Mroxberr|'''Mark Roxberry''']] <br /> | style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>[[User:EoinKeary|'''Eoin Keary''']]<br /> | style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>[[User:Dennis.hurst|'''Dennis Hurst''']]<br /> | style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>[[User:Dinis.cruz|'''Dinis Cruz''']] <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''50% Review''' <br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template .NET Project - 50 Review - Self Evaluation - A|Self-Evaluation (A)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template .NET Project - 50 Review - First Reviewer - C|First Reviewer (C)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template .NET Project 50 Review Second Review E|Second Reviewer (E)]]<br /> | style="width:22%; background:#C2C2C2" align="center"|X <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Final Review''' <br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Release'''<br>---------<br>[[Project Information:template .NET Project - Final Review - Self Evaluation - B|Self-Evaluation (B)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template .NET Project - Final Review - First Reviewer - D|First Reviewer (D)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template .NET Project - Final Review - Second Reviewer - F|Second Reviewer (F)]]<br /> | style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template .NET Project - Final Review - OWASP Board Member - G|Board Member's review (G)]]<br /> |-<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=Project_Information:template_.NET_Project_-_Final_Review_-_Self_Evaluation_-_B&diff=57237 Project Information:template .NET Project - Final Review - Self Evaluation - B 2009-03-23T16:36:23Z

<p>Mroxberr: </p> <hr /> <div>[[Project Information:template .NET Project|Clik here to return to the previous page]].<br /> <br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="3" align="center" style="background:#4058A0; color:white"|<font color="white">'''FINAL REVIEW''' <br /> |- <br /> | style="width:25%; background:white" align="center"|'''PART I''' <br /> | colspan="2" style="width:75%; background:white" align="left"|<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> Project Deliveries & Objectives <br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|<br /> [[OWASP Summer of Code 2008 Applications#OWASP .NET Project Leader|OWASP .NET Project's Deliveries & Objectives]]<br /> |-<br /> | style="width:25%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS''' <br /> | colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS''' <br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#OWASP .NET Project Leader|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|More work needs to be done for branding and promotion of the project, recruitment of contributors, advanced research. For the time period for SOC 2008, I am satisfied that the reorganization of the project is completed and there are valuable resources for .NET developers.<br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#OWASP .NET Project Leader|'''the assumed ones''']], please quantify in terms of percentage.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Measurable deliverables for SOC 2008, 100%<br /> <br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"|<br /> 3. What kind of help is required either from the Reviewers or from the OWASP Community?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|The OWASP .NET Project is a continuing organic project. I would like to continue working with the OWASP .NET Project, improving it with security research, best practices, how-to's and materials helpful to the community.<br /> <br /> |- <br /> | style="width:25%; background:white" align="center"|'''PART II''' <br /> | colspan="2" style="width:75%; background:white" align="left"|<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> Assessment Criteria<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|<br /> [[:Category:OWASP Project Assessment|OWASP Project Assessment Criteria]]<br /> |-<br /> | style="width:25%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS''' <br /> | colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS''' <br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|All Alpha criteria have been met.<br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|All Beta criteria have been met.<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Conference Powerpoint is complete.<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"|<br /> 4. What kind of help is required either from the Reviewers or from the OWASP Community?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Contributions, project review, tools review.<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=File:OWASP_dotNet_2008.pptx&diff=56873 File:OWASP dotNet 2008.pptx 2009-03-17T18:03:04Z

<p>Mroxberr: </p> <hr /> <div>OWASP .NET Project Season of Code 2008 Presentation.<br /> <br /> [[Category:OWASP .NET Project]]</div>

Mroxberr https://wiki.owasp.org/index.php?title=File:OWASP_dotNet_2008.pptx&diff=56872 File:OWASP dotNet 2008.pptx 2009-03-17T18:02:19Z

<p>Mroxberr: OWASP .NET Project Season of Code 2008 Presentation.</p> <hr /> <div>OWASP .NET Project Season of Code 2008 Presentation.</div>

Mroxberr https://wiki.owasp.org/index.php?title=Project_Information:template_.NET_Project&diff=56871 Project Information:template .NET Project 2009-03-17T18:00:20Z

<p>Mroxberr: </p> <hr /> <div>----<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION''' <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''<br /> | colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP .NET Project''' <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description''' <br /> | colspan="7" style="width:85%; background:#cccccc" align="left"|The project will contain information, materials and software that are relevant to building secure .NET web applications and services. The goal of the project is to provide deep content for all roles related to .NET web applications and services including:<br /> * Architectural guidance,<br /> * Developer tools, information and checklists,<br /> * IT professional content (for those that deploy and maintain .NET websites),<br /> * Penetration testing resources,<br /> * Incident response resources. <br /> The OWASP .NET Project Leader will actively recruit .NET contributors, including personnel from Microsoft, but others throughout the .NET ecosystem. Including experts from communities from large companies to ISVs, from enterprise architects to ALT.NET developers will be important for the overall reach of the OWASP .NET project. Other communities to consider include developers who use Mono (.NET for Linux), including Moonlight (Silverlight for Linux).<br /> The OWASP .NET Project Leader will actively contribute to the OWASP projects that require .NET resources, by recruiting resources or contributing to the project. <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''<br /> | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:Mroxberr|'''Mark Roxberry''']]<br /> | style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if any)<br /> | style="width:10%; background:#cccccc" align="center"|Mailing list<br>[https://lists.owasp.org/mailman/listinfo/owasp-dotnet '''Subscribe here''']<br>[mailto:owasp-dotnet(at)lists.owasp.org@lists.owasp.org '''Use here''']<br /> | style="width:17%; background:#cccccc" align="center"|License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br /> | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Beta Status Projects|'''Documentation''']]<br /> | style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']] <br /> |}<br /> {| style="width:100%" border="0" align="center" <br /> ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Release Status''' <br /> ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Main Links'''<br /> ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects''' <br /> |-<br /> | style="width:29%; background:#cccccc" align="center"|<br /> Provisory [[:Category:OWASP_Project_Assessment#Beta_Quality_Documentation_Criteria|'''Beta Quality''']]<br>[[:OWASP .NET Project - Assessment Frame|Please see here for complete information.]]<br /> | style="width:42%; background:#cccccc" align="center"|<br /> [https://www.owasp.org/index.php/Category:OWASP_.NET_Project OWASP .NET]<br>[http://owaspdotnet.blogspot.com/ Tracking Blog for OWASP .NET Project Lead]<br /> | style="width:29%; background:#cccccc" align="center"|<br /> [[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]<br>[[OWASP Testing Guide]]<br>[[.Net Assembly Analyzer]]<br>[[OWASP WebGoat Project]]<br>[[OWASP WebScarab Project]]<br>[http://code.google.com/p/owasp-net-content/ OWASP .NET Content Project]<br /> |}<br /> ----</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Project_-_Assessment_Frame&diff=56870 OWASP .NET Project - Assessment Frame 2009-03-17T17:57:47Z

<p>Mroxberr: </p> <hr /> <div>[[:Category:OWASP .NET Project|Click here to return to project's main page]].<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="2" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION''' <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''<br /> | colspan="1" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP .NET Project''' <br /> |}<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS - OWASP Summer of Code 2008<br /> |-<br /> | style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer''' <br /> | style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>[[User:Mroxberr|'''Mark Roxberry''']] <br /> | style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>[[User:EoinKeary|'''Eoin Keary''']]<br /> | style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>[[User:Dennis.hurst|'''Dennis Hurst''']]<br /> | style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>[[User:Dinis.cruz|'''Dinis Cruz''']] <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''50% Review''' <br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template .NET Project - 50 Review - Self Evaluation - A|Self-Evaluation (A)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template .NET Project - 50 Review - First Reviewer - C|First Reviewer (C)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template .NET Project 50 Review Second Review E|Second Reviewer (E)]]<br /> | style="width:22%; background:#C2C2C2" align="center"|X <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Final Review''' <br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template .NET Project - Final Review - Self Evaluation - B|Self-Evaluation (B)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template .NET Project - Final Review - First Reviewer - D|First Reviewer (D)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template .NET Project - Final Review - Second Reviewer - F|Second Reviewer (F)]]<br /> | style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template .NET Project - Final Review - OWASP Board Member - G|Board Member's review (G)]]<br /> |-<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=56869 Category:OWASP .NET Project 2009-03-17T17:44:03Z

<p>Mroxberr: /* Project Content */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==Project Content==<br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> |-<br /> |}<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> <br /> ; [http://forums.asp.net/25.aspx| ASP.NET Security Forum]<br /> <br /> ; [http://msdn.microsoft.com/en-us/security/aa570336.aspx| MSDN Security Developer Lists and Newsgroups]<br /> <br /> ; [http://silverlight.net/forums/| Silverlight Forums]<br /> <br /> ; [http://www.go-mono.com/forums/| Mono Forums]<br /> <br /> ; [ALT.NET User Groups]<br /> <br /> <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> ==== Resources ====<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> ==== Security Guides ====<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> ==== Active Projects ====<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> ==== Research Projects ====<br /> ; [[OWASP .NET Research]]<br /> <br /> <headertabs/><br /> <br /><br /> <br /><br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_OpenPGP_Extensions_for_HTTP_Project_-_Assessment_Frame&diff=56824 OWASP OpenPGP Extensions for HTTP Project - Assessment Frame 2009-03-17T13:32:46Z

<p>Mroxberr: </p> <hr /> <div>[[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|Click here to return to project's main page]].<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="2" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION''' <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''<br /> | colspan="1" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp Project''' <br /> |}<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS - OWASP Summer of Code 2008<br /> |-<br /> | style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer''' <br /> | style="width:22%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>[[User:Buanzo|'''Arturo 'Buanzo' Busleiman''']] <br /> | style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>[[User:Mroxberr|'''Mark Roxberry''']]<br /> | style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>[[User:Dinis.cruz|'''Dinis Cruz''']]<br>[[User:Bradcausey|Brad Causey]] <br /> | style="width:21%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(not applicable)<br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''50% Review''' <br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Enigform and mod OpenPGP - 50 Review - Self Evaluation - A|Self-Evaluation (A)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C|First Reviewer (C)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Enigform and mod OpenPGP 50 Review Second Review E|Second Reviewer (E)]]<br /> | style="width:22%; background:#C2C2C2" align="center"|X <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Final Review''' <br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta Quality'''<br>---------<br>[[Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B|Self-Evaluation (B)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta Quality''' <br>---------<br>[[Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D|First Reviewer (D)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta Quality'''<br>---------<br>[[Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F|Second Reviewer (F)]]<br /> | style="width:22%; background:#C2C2C2" align="center"|X<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_OpenPGP_Extensions_for_HTTP_Project_-_Assessment_Frame&diff=56823 OWASP OpenPGP Extensions for HTTP Project - Assessment Frame 2009-03-17T13:32:15Z

<p>Mroxberr: </p> <hr /> <div>[[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|Click here to return to project's main page]].<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="2" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION''' <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''<br /> | colspan="1" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp Project''' <br /> |}<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS - OWASP Summer of Code 2008<br /> |-<br /> | style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer''' <br /> | style="width:22%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>[[User:Buanzo|'''Arturo 'Buanzo' Busleiman''']] <br /> | style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>[[User:Mroxberr|'''Mark Roxberry''']]<br /> | style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>[[User:Dinis.cruz|'''Dinis Cruz''']]<br>[[User:Bradcausey|Brad Causey]] <br /> | style="width:21%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(not applicable)<br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''50% Review''' <br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Enigform and mod OpenPGP - 50 Review - Self Evaluation - A|Self-Evaluation (A)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C|First Reviewer (C)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Enigform and mod OpenPGP 50 Review Second Review E|Second Reviewer (E)]]<br /> | style="width:22%; background:#C2C2C2" align="center"|X <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Final Review''' <br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta Quality'''<br>---------<br>[[Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B|Self-Evaluation (B)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' (To update)<br>---------<br>Which status has been reached?<br>'''Beta Quality''' - (To update)<br>---------<br>[[Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D|First Reviewer (D)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta Quality'''<br>---------<br>[[Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F|Second Reviewer (F)]]<br /> | style="width:22%; background:#C2C2C2" align="center"|X<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=Project_Information:template_.NET_Project_-_Final_Review_-_Self_Evaluation_-_B&diff=56809 Project Information:template .NET Project - Final Review - Self Evaluation - B 2009-03-17T04:01:49Z

<p>Mroxberr: </p> <hr /> <div>[[Project Information:template .NET Project|Clik here to return to the previous page]].<br /> <br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="3" align="center" style="background:#4058A0; color:white"|<font color="white">'''FINAL REVIEW''' <br /> |- <br /> | style="width:25%; background:white" align="center"|'''PART I''' <br /> | colspan="2" style="width:75%; background:white" align="left"|<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> Project Deliveries & Objectives <br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|<br /> [[OWASP Summer of Code 2008 Applications#OWASP .NET Project Leader|OWASP .NET Project's Deliveries & Objectives]]<br /> |-<br /> | style="width:25%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS''' <br /> | colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS''' <br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#OWASP .NET Project Leader|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|More work needs to be done for branding and promotion of the project, recruitment of contributors, advanced research. For the time period for SOC 2008, I am satisfied that the reorganization of the project is completed and there are valuable resources for .NET developers.<br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#OWASP .NET Project Leader|'''the assumed ones''']], please quantify in terms of percentage.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Measurable deliverables for SOC 2008, 100%<br /> <br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"|<br /> 3. What kind of help is required either from the Reviewers or from the OWASP Community?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|The OWASP .NET Project is a continuing organic project. I would like to continue working with the OWASP .NET Project, improving it with security research, best practices, how-to's and materials helpful to the community.<br /> <br /> |- <br /> | style="width:25%; background:white" align="center"|'''PART II''' <br /> | colspan="2" style="width:75%; background:white" align="left"|<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> Assessment Criteria<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|<br /> [[:Category:OWASP Project Assessment|OWASP Project Assessment Criteria]]<br /> |-<br /> | style="width:25%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS''' <br /> | colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS''' <br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|All Alpha criteria have been met.<br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|All Beta criteria have been met.<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Conference Powerpoint is not complete. Content not appropriate for an OWASP Book.<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"|<br /> 4. What kind of help is required either from the Reviewers or from the OWASP Community?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Contributions, project review, tools review.<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=Project_Information:template_Enigform_and_mod_OpenPGP_-_Final_Review_-_First_Reviewer_-_D&diff=56808 Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D 2009-03-17T03:22:06Z

<p>Mroxberr: </p> <hr /> <div>[[Project Information:template Enigform and mod OpenPGP|Clik here to return to the previous page]].<br /> <br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="3" align="center" style="background:#4058A0; color:white"|<font color="white">'''FINAL REVIEW''' <br /> |- <br /> | style="width:25%; background:white" align="center"|'''PART I''' <br /> | colspan="2" style="width:75%; background:white" align="left"|<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> Project Deliveries & Objectives <br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|<br /> [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project's Deliveries & Objectives]]<br /> |-<br /> | style="width:25%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS''' <br /> | colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS''' <br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|I confirmed that Enigform works with Wordpress. I was able to install the Enigform extension from Mozilla. I tested the server side key import with several PGP keys. I observed encrypted transmission using the tool. I am satisfied with the copious documentation. I have tested each feature and worked with Arturo to resolve any issue and reach completion.<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please quantify in terms of percentage.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|100%<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"|<br /> 3. Please do use the right hand side column to provide advice and make work suggestions.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|I'd like to see the project extended to develop additional server side modules and additional Enigform client tools. If it is possible to push to an open source code repo, and start outlining how to develop additional tools, that would be invaluable. However, I do not consider that necessary for completion.<br /> <br /> |- <br /> | style="width:25%; background:white" align="center"|'''PART II''' <br /> | colspan="2" style="width:75%; background:white" align="left"|<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> Assessment Criteria<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|<br /> [[:Category:OWASP Project Assessment|OWASP Project Assessment Criteria]]<br /> |-<br /> | style="width:25%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS''' <br /> | colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS''' <br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Arturo needs to implement a better way to make the code available at Googlecode or Sourceforge. I would like to see documentation in OWASP updated for the project, including a roadmap of future deliveries.<br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Server side GUI may not be feasible or needed. Client side GUI is basically the Options for the Enigform extension.<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|N/A<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"|<br /> 4. Please do use the right hand side column to provide advice and make work suggestions.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Move more of the documentation and code to googlecode or sourceforge. Documentation for developing other server application modules, other enigform clients would be useful, if not already in progress by Arturo.<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=Project_Information:template_Enigform_and_mod_OpenPGP_-_Final_Review_-_First_Reviewer_-_D&diff=56807 Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D 2009-03-17T03:16:10Z

<p>Mroxberr: </p> <hr /> <div>[[Project Information:template Enigform and mod OpenPGP|Clik here to return to the previous page]].<br /> <br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="3" align="center" style="background:#4058A0; color:white"|<font color="white">'''FINAL REVIEW''' <br /> |- <br /> | style="width:25%; background:white" align="center"|'''PART I''' <br /> | colspan="2" style="width:75%; background:white" align="left"|<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> Project Deliveries & Objectives <br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|<br /> [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project's Deliveries & Objectives]]<br /> |-<br /> | style="width:25%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS''' <br /> | colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS''' <br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|I confirmed that Enigform works with Wordpress. I was able to install the Enigform extension from Mozilla. I tested the server side key import with several PGP keys. I am satisfied with the copious documentation. I have tested each feature and worked with Arturo to resolve any issue and reach completion.<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please quantify in terms of percentage.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|100%<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"|<br /> 3. Please do use the right hand side column to provide advice and make work suggestions.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|I'd like to see the project extended to develop additional server side modules and additional Enigform client tools. If it is possible to push to an open source code repo, and start outlining how to develop additional tools, that would be invaluable. However, I do not consider that necessary for completion.<br /> <br /> |- <br /> | style="width:25%; background:white" align="center"|'''PART II''' <br /> | colspan="2" style="width:75%; background:white" align="left"|<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> Assessment Criteria<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|<br /> [[:Category:OWASP Project Assessment|OWASP Project Assessment Criteria]]<br /> |-<br /> | style="width:25%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS''' <br /> | colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS''' <br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Arturo needs to implement a better way to make the code available at Googlecode or Sourceforge. I would like to see documentation in OWASP updated for the project, including a roadmap of future deliveries.<br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Server side GUI may not be feasible or needed. Client side GUI is basically the Options for the Enigform extension.<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|N/A<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"|<br /> 4. Please do use the right hand side column to provide advice and make work suggestions.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|Move more of the documentation and code to googlecode or sourceforge. Documentation for developing other server application modules, other enigform clients would be useful, if not already in progress by Arturo.<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=56303 Category:OWASP .NET Project 2009-03-07T22:48:54Z

<p>Mroxberr: </p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==Project Content==<br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> |-<br /> |}<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> ==== Resources ====<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> ==== Security Guides ====<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> ==== Active Projects ====<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> ==== Research Projects ====<br /> ; [[OWASP .NET Research]]<br /> <br /> <headertabs/><br /> <br /><br /> <br /><br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=56302 Category:OWASP .NET Project 2009-03-07T22:45:43Z

<p>Mroxberr: </p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> |-<br /> |}<br /> <br /> ==== Project Tracker ====<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! Project Tracker<br /> |- <br /> | <br /> * March 7, 2009 - Converted to new tab format, added Project Tracker tab<br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}<br /> <br /> ==== Resources ====<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> ==== Security Guides ====<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> ==== Active Projects ====<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> ==== Research Projects ====<br /> ; [[OWASP .NET Research]]<br /> <br /> <headertabs/><br /> <br /> <br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=56301 Category:OWASP .NET Project 2009-03-07T22:41:17Z

<p>Mroxberr: /* .NET Project Overview */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> <br /> == OWASP .NET ==<br /> <br /> <br /> ==== .NET Project Overview ====<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> ==== Resources ====<br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> ==== Security Guides ====<br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> ==== Active Projects ====<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> ==== Research Projects ====<br /> ; [[OWASP .NET Research]]<br /> <br /> <headertabs/><br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Active_Projects&diff=56297 OWASP .NET Active Projects 2009-03-07T21:34:38Z

<p>Mroxberr: </p> <hr /> <div>===OWASP Projects===<br /> '''Note:''' <br /> The following releases are available on the [https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=105632 dotNET section] of the [https://sourceforge.net/projects/owasp/ SourceForge OWASP Project pages]<br /> <br /><br /> <br /> * [[Owasp SiteGenerator]] (sponsored by Foundstone)<br /> * [[Owasp Report Generator]]<br /> * [[ANBS]] (Asp.Net Baseline Security) - includes the tools [[SAM'SHE]] (Security Analyzer for Microsoft's Shared Hosting Environments) and [[Online IIS Metabase Explorer]]<br /> * [[ASP.NET Reflector]]<br /> * [[ANSA]] (Asp.Net Security Analyzer) - first tool developed by Dinis Cruz that hilights the security problems of Full Trust Asp.Net code (contains Proof of Concept tests (i.e. exploits))<br /> * [[DefApp]] - Partial port of ModSecurity to the .Net Platform <br /> * [[Owasp FOSBBWAS (code name Beretta)]]<br /> * [[.Net Assembly Analyzer]]<br /> * [[OWASP_Tiger|OWASP Tiger]]<br /> * [[.Net CSRF Guard]]<br /> <br /><br /> <br /> The following OWASP projects are hosted on other project hosting sites:<br /> <br /> * [http://code.google.com/p/owasp-esapi-dotnet/ OWASP ESAPI .NET]<br /> <br /><br /> ===Active Project Workspaces===<br /> *[http://trac2.assembla.com/owaspdotnet/query?status=new&status=assigned&status=reopened&group=type&reporter=%7E&eta=%7E Task and Research projects]<br /> *FXCop Ruleset<br /> *Sprajax<br /> *CSSpider<br /> *[http://www.assembla.com/wiki/show/owaspdotnet SCAN (Code Scanner)]<br /> <br /><br /> <br /> ===Related Open Source Projects===<br /> * [[Hacme Bank]] (Foundstone tool)<br /> * [[.NetMon]] (Foundstone tool)<br /> * [[Validator.NET]] (Foundstone tool)<br /> <br /><br /> <br /> ===Source Code Repositories===<br /> Any repository that allows public access and has terms of service that holds no claim on the content that our members upload is generally o.k. The following repos are popular among the members:<br /> <br /> *[http://www.codeplex.com/Project/ProjectDirectory.aspx?ProjectSearchText=owasp OWASP @ Codeplex]<br /> *[http://code.google.com/p/owasp-code-central/ OWASP @ Google Code]<br /> *[http://sourceforge.net/projects/owasp/ OWASP @ SourceForge]<br /> <br /><br /> <br /> ===Starting your own .NET Project===<br /> If you're interested in starting your own project, please read [https://www.owasp.org/index.php/How_to_Start_an_OWASP_Project How to Start an OWASP Project]. Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new projects so that they're properly categorized.</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_Application_Security_Tool_Benchmarking_Environment_and_Site_Generator_Refresh_Project_-_Assessment_Frame&diff=55496 OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project - Assessment Frame 2009-02-25T20:24:10Z

<p>Mroxberr: </p> <hr /> <div>[[:Category:OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project|Click here to return to project's main page]].<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="2" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION''' <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''<br /> | colspan="1" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project''' <br /> |}<br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS - OWASP Summer of Code 2008<br /> |-<br /> | style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer''' <br /> | style="width:22%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>[[:User:Ddk|'''Dmitry Kozlov''']] <br /> | style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>[[User:Mroxberr|'''Mark Roxberry''']]<br /> | style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>[[User:Medelibero|'''Mike de Libero''']] <br /> | style="width:21%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(not applicable)<br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''50% Review''' <br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - 50 Review - Self Evaluation - A|Self-Evaluation (A)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - 50 Review - First Reviewer - C|First Reviewer (C)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''No [but close]'''<br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project 50 Review Second Review E|Second Reviewer (E)]]<br /> | style="width:22%; background:#C2C2C2" align="center"|X <br /> |-<br /> | style="width:15%; background:#7B8ABD" align="center"|'''Final Review''' <br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Alpha Quality''' (To update)<br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - Final Review - Self Evaluation - B|Self-Evaluation (B)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Alpha Quality''' (To update)<br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - Final Review - First Reviewer - D|First Reviewer (D)]]<br /> | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Alpha Quality''' (To update)<br>---------<br>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - Final Review - Second Reviewer - F|Second Reviewer (F)]]<br /> | style="width:22%; background:#C2C2C2" align="center"|X<br /> |-<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=Project_Information:template_Application_Security_Tool_Benchmarking_Environment_and_Site_Generator_Refresh_Project_-_50_Review_-_First_Reviewer_-_C&diff=55468 Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project - 50 Review - First Reviewer - C 2009-02-25T15:42:47Z

<p>Mroxberr: </p> <hr /> <div>[[Project Information:template Application Security Tool Benchmarking Environment and Site Generator Refresh Project|Click here to return to the previous page]].<br /> <br /> {| style="width:100%" border="0" align="center"<br /> ! colspan="3" align="center" style="background:#4058A0; color:white"|<font color="white">'''50% REVIEW PROCESS''' <br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> Project Deliveries & Objectives <br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|<br /> [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P003/P013 - OWASP Application Security Tool Benchmarking Environment and Site Generator refresh.=|OWASP Application Security Tool Benchmarking Environment and Site Generator refresh Project's Deliveries & Objectives]]<br /> |-<br /> | style="width:25x%; background:#4058A0" align="center"|<font color="white">'''QUESTIONS''' <br /> | colspan="2" style="width:75%; background:#4058A0" align="left"|<font color="white">'''ANSWERS''' <br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> 1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P003/P013 - OWASP Application Security Tool Benchmarking Environment and Site Generator refresh.=|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|I'm unsure what the OWASP Application Security Tool Benchmarking Environment refers to, and was unable to assess its completeness. The project application does not provide specifics for the Application Security tool Benchmarking Environment.<br /> Regarding the Site Generator UI refresh and componentization, the UI has been improved and there is a separation of code into components. I was able to download and install the application and generate sites.<br /> |- <br /> | style="width:25%; background:#7B8ABD" align="center"| <br /> <br /> 2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P003/P013 - OWASP Application Security Tool Benchmarking Environment and Site Generator refresh.=|'''the assumed ones''']], please quantify in terms of percentage.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"| From my observation, and no real quantification of the project requirements, the Site Generator refresh is at 50%.<br /> |- <br /> |-<br /> | style="width:25%; background:#7B8ABD" align="center"|<br /> 3. Please do use the right hand side column to provide advice and make work suggestions.<br /> | colspan="2" style="width:75%; background:#cccccc" align="left"|The following are notes that I have for the project:<br /> # Help link is needed (for both v1 and v2). A concise how-to would be helpful. I reviewed the User Guide NG and maybe have a help toolbar item in the toolbar that opens that up (for a start)<br /> # Maximized the application doesn't stretch well. You probably should disable maximization.<br /> # What is the www.adrianTNT.com url link in the web directory of the generated site?<br /> # How is the database installed for SQL injection vulns? Right now I'm getting an error that login for 'webuser' does not exist. I don't see any added databases.<br /> # Are dependencies for SiteGen checked on install? If a user does not have .NET 2.0, is there a dep check?<br /> # The web output looks dated. I don't like the flash menu and the web layout can be better.<br /> # There are vulns in Site Generator 1 that are not in the update (e.g. HiddenFormField, IntegerOverflow, PoorEncryption, etc.). Have they been consolidated or removed? If so, was there a justification<br /> # Is there a guide on adding my own vulnerabilities to the Site Generator templates?<br /> # Is it possible to add templates for other languages?<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&diff=53822 Category:OWASP .NET Project 2009-02-10T02:56:52Z

<p>Mroxberr: /* .NET Project Overview */</p> <hr /> <div>{{:Project Information:template .NET Project}}<br /> [[Category:OWASP Project]]<br /> [[Category:OWASP Document]]<br /> [[Category:OWASP Download]]<br /> [[Category:OWASP Beta Quality Document]]<br /> <br /> ==About==<br /> The OWASP .NET Project contains content related to securing .NET applications and services.<br /> <br /> <br /> ==.NET Project Overview==<br /> {| align="right" class="wikitable"<br /> |-<br /> ! OWASP Project Quick Reference<br /> |- <br /> | <br /> *[[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]<br /><br /> *[[OWASP Testing Guide]]<br /><br /> *[[.Net Assembly Analyzer]]<br /><br /> *[[OWASP WebGoat Project]]<br /><br /> *[[OWASP WebScarab Project]]<br /> *[http://code.google.com/p/owasp-net-content/ OWASP .NET Content Project]<br /> |-<br /> |}<br /> <br /> '''Purpose'''<br /> <br /> The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. The project will try to include resources from Microsoft and from the Open Source community, the Alt.NET community and other related security resources.<br /> <br /> Please review the [[:Category:Vulnerability|vulnerabilities]] section at OWASP for the grand list of web vulnerabilities, many apply to .NET software. This section has a Quick Reference table for OWASP projects that you can use for your security projects now. For .NET related content throughout the site, look for the [[:Category:.NET|.NET category]]. There is plenty of work to be done, so feel free to join the OWASP .NET Project (See Joining the project below). Contribute work or join our mailing list, many voices are better than one, so join today!<br /> <br /> '''Goals'''<br /> <br /> *To provide a comprehensive collection of resources for all roles involved with designing, developing and maintaining .NET web applications and services.<br /> <br /> *To organize content specific to OWASP projects that can be used or referenced for .NET security.<br /> <br /> *To reach out and bring in content from the open source community to protect users of .NET web applications and services.<br /> <br /> '''Content'''<br /> <br /> Check out the OWASP .NET Recommended Resources wiki page for a quick list of resources available now for secure .NET development:<br /> <br /> ; [[OWASP .NET Recommended Resources| OWASP .NET Recommended Resources]]<br /> <br /> The following sections include content that can be useful for a specific role in securing .NET web applications and services:<br /> <br /> ; [[.NET Security for Architects| .NET Security for Architects]]<br /> ; [[.NET Security for Developers| .NET Security for Developers]]<br /> ; [[.NET Security for IT Professional| .NET Security for IT Professionals]]<br /> ; [[.NET Penetration Testing| .NET Penetration Testing]]<br /> ; [[.NET Incident Response| .NET Incident Response]]<br /> <br /> For active projects:<br /> ; [[OWASP .NET Active Projects]]<br /> <br /> For research projects:<br /> ; [[OWASP .NET Research]]<br /> <br /> ==Joining the Project==<br /> The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]<br /> * Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].<br /> * If you'd like to contribute:<br /> # visit the [[Tutorial]], <br /> # join the mailing list (see [[How to join Owasp.Net Mailing List]])<br /> # and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic<br /> # or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.<br /> <br /> Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.<br /> <br /> {|class="wikitable" width="75%"<br /> |-<br /> ! OWASP .NET Project Latest<br /> |- <br /> | <br /> * February 9, 2009 Added [[OWASP .NET Research]] and removed [[OWASP .NET Vulnerability Research]] from project page.<br /> * February 9, 2009 Added [[.NET Framework Rootkits]] to [[OWASP .NET Research]]<br /> |-<br /> |}</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Research&diff=53701 OWASP .NET Research 2009-02-09T17:22:58Z

<p>Mroxberr: /* Core Research Items */</p> <hr /> <div>The OWASP .NET Research page is for tracking research related to the .NET framework and applications built on the .NET framework.<br /> <br /> ==Core Research Items==<br /> [[Image:Presentation_-_.NET_Framework_Rootkits_-_Backdoors_Inside_Your_Framework.ppt|.NET Framework Rootkits]]</div>

Mroxberr https://wiki.owasp.org/index.php?title=OWASP_.NET_Research&diff=53699 OWASP .NET Research 2009-02-09T17:19:19Z

<p>Mroxberr: New page: The OWASP .NET Research page is for tracking research related to the .NET framework and applications built on the .NET framework. ==Core Research Items== [[Media:Image:Presentation_-_.NET...</p> <hr /> <div>The OWASP .NET Research page is for tracking research related to the .NET framework and applications built on the .NET framework.<br /> <br /> ==Core Research Items==<br /> [[Media:Image:Presentation_-_.NET_Framework_Rootkits_-_Backdoors_Inside_Your_Framework.ppt | .NET Framework Rootkits]]</div>

Mroxberr https://wiki.owasp.org/index.php?title=File:Presentation_-_.NET_Framework_Rootkits_-_Backdoors_Inside_Your_Framework.ppt&diff=53698 File:Presentation - .NET Framework Rootkits - Backdoors Inside Your Framework.ppt 2009-02-09T17:09:18Z

<p>Mroxberr: </p> <hr /> <div>[[Category:OWASP .NET Project]]</div>

Mroxberr