OWASP - User contributions [en]

File:Preview Image.png

2016-04-17T11:02:33Z

RehanSaeed: RehanSaeed uploaded a new version of "File:Preview Image.png"

The main page of your site generated from the ASP.NET MVC Boilerplate Visual Studio project template.

File:Preview Image.png

2016-04-17T11:02:05Z

RehanSaeed: RehanSaeed uploaded a new version of "File:Preview Image.png"

The main page of your site generated from the ASP.NET MVC Boilerplate Visual Studio project template.

File:Banner.png

2016-04-17T11:01:24Z

RehanSaeed: RehanSaeed uploaded a new version of "File:Banner.png"

OWASP ASP.NET MVC Boilerplate Project

2016-04-17T10:59:09Z

RehanSaeed:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

==ASP.NET MVC Boilerplate Project==
The default ASP.NET MVC project template uses insecure defaults and omits many security features altogether. ASP.NET MVC Boilerplate is a Visual Studio project template that enables security features by default and adds liberal comments and links to further resources to help developers (Who often do not have a lot of knowledge on the subject) get started.
[[File:New_Project.png|center]]

==Description==
A professional ASP.NET MVC template for building secure, fast, robust and adaptable web applications or sites. It provides the minimum amount of code required on top of the default MVC template provided by Microsoft to provide security by default.
[[File:Preview_Image.png|650px|center]]

===Better Defaults===

The default MVC template provided by Microsoft is not as secure as it could be. There are various settings (Mostly in the web.config file) which are insecure by default. For example, it leaks information about which version of IIS you are using and allows external scripts to access cookies by default! ASP.NET MVC Boilerplate makes everything secure by default.

===TLS and HTTPS===

Setting up TLS, so that your site runs over HTTPS is very difficult in ASP.NET MVC as it requires several steps to do it correctly. ASP.NET MVC Boilerplate makes this easy with step by step instructions and links.

===HTTP Headers===

Several HTTP headers are also used to provide better security using the [https://nwebsec.codeplex.com/ NWebSec] NuGet packages:

# [https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy Content Security Policy (CSP)].
# [https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security Strict-Transport-Security (HSTS)]
# [https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning Public-Key-Pins (HPKP)]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Content-Type-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Download-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Frame-Options]

===Subresource Integrity (SRI)===

ASP.NET MVC Boilerplate has [http://rehansaeed.com/subresource-integrity-taghelper-using-asp-net-core/ Subresource Integrity (SRI)] implemented by default using a custom ASP.NET MVC 6 TagHelper.

===Detailed Comments===

ASP.NET MVC Boilerplate provides detailed comments and links to official documentation explaining all of the security features.

===Security Check-List===

ASP.NET MVC Boilerplate provides a check-list of steps the developer needs to take to secure the site.

===Fingerprint Resistant===

ASP.NET MVC Boilerplate attempts to thwart fingerprinting tools by removing the IIS and .NET version HTTP headers and also changing several defaults including session and anti-forgery cookie names.

===Dynamic IP Security===

ASP.NET MVC Boilerplate enables IIS Dynamic IP Security to limit the maximum number of concurrent requests to thwart DDOS attacks.

==Licensing==

This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate/blob/master/LICENSE GNU Affero General Public License 2.0] as published by the Free Software Foundation 2015.

== Project Resources ==
<ul>
<li>
[https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate GitHub Project Home Page] where you can view source code, log issues and view the change log.
</li>
<li>
[https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d Visual Studio Gallery] where you can install the project template, rate/review it.
</li>
<li>
[http://rehansaeed.com/asp-net-mvc-boilerplate/ My RehanSaeed.com] blog where I post articles detailing features of the project. The project template itself links to many of the articles so that developers can get detailed information if they need it.
</li>
</ul>

== Project Leader ==
[http://rehansaeed.com Muhammad Rehan Saeed]

==Classifications==
[[File:Project_Type_Files_CODE.jpg|link=]]
[[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
[[File:Owasp-builders-small.png|link=Builders]]
[[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]

== News and Events ==
Read all of the blog articles about this project [http://rehansaeed.com/asp-net-mvc-boilerplate/ here].

==Roadmap==
As ASP.NET MVC evolves and many of the JavaScript libraries release new updates, this project template needs constant updates. It is intended that this project template remain as current as possible. I would like to add more security features to the site template and add more documentation and helper comments.

==Getting Involved==
All are welcome to get involved. Simply visit the GitHub site and raise a pull request for your code.

=Minimum Viable Product=
A Visual Studio Project Template which you can download [https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d here]

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

File:Preview Image.png

2016-04-17T10:56:53Z

RehanSaeed: RehanSaeed uploaded a new version of "File:Preview Image.png"

The main page of your site generated from the ASP.NET MVC Boilerplate Visual Studio project template.

File:Preview Image.png

2016-04-17T10:55:21Z

RehanSaeed: RehanSaeed uploaded a new version of "File:Preview Image.png"

The main page of your site generated from the ASP.NET MVC Boilerplate Visual Studio project template.

File:Preview Image.png

2016-04-17T10:54:17Z

RehanSaeed: RehanSaeed uploaded a new version of "File:Preview Image.png"

The main page of your site generated from the ASP.NET MVC Boilerplate Visual Studio project template.

File:Preview Image.png

2016-04-17T10:53:49Z

RehanSaeed: RehanSaeed uploaded a new version of "File:Preview Image.png"

The main page of your site generated from the ASP.NET MVC Boilerplate Visual Studio project template.

File:Preview Image.png

2016-04-17T10:53:26Z

RehanSaeed: RehanSaeed uploaded a new version of "File:Preview Image.png"

The main page of your site generated from the ASP.NET MVC Boilerplate Visual Studio project template.

OWASP ASP.NET MVC Boilerplate Project

2016-04-17T10:50:56Z

RehanSaeed:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

==ASP.NET MVC Boilerplate Project==
The default ASP.NET MVC project template uses insecure defaults and omits many security features altogether. ASP.NET MVC Boilerplate is a Visual Studio project template that enables security features by default and adds liberal comments and links to further resources to help developers (Who often do not have a lot of knowledge on the subject) get started.
[[File:New_Project.png|center]]

==Description==
A professional ASP.NET MVC template for building secure, fast, robust and adaptable web applications or sites. It provides the minimum amount of code required on top of the default MVC template provided by Microsoft to provide security by default.
[[File:Preview_Image.png|650px|center]]

===Better Defaults===

The default MVC template provided by Microsoft is not as secure as it could be. There are various settings (Mostly in the web.config file) which are insecure by default. For example, it leaks information about which version of IIS you are using and allows external scripts to access cookies by default! ASP.NET MVC Boilerplate makes everything secure by default.

===TLS and HTTPS===

Setting up TLS, so that your site runs over HTTPS is very difficult in ASP.NET MVC as it requires several steps to do it correctly. ASP.NET MVC Boilerplate makes this easy with step by step instructions and links.

===HTTP Headers===

Several HTTP headers are also used to provide better security using the [https://nwebsec.codeplex.com/ NWebSec] NuGet packages:

# [https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy Content Security Policy (CSP)].
# [https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security Strict-Transport-Security (HSTS)]
# [https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning Public-Key-Pins (HPKP)]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Content-Type-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Download-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Frame-Options]

===Detailed Comments===

ASP.NET MVC Boilerplate provides detailed comments and links to official documentation explaining all of the security features.

===Security Check-List===

ASP.NET MVC Boilerplate provides a check-list of steps the developer needs to take to secure the site.

===Fingerprint Resistant===

ASP.NET MVC Boilerplate attempts to thwart fingerprinting tools by removing the IIS and .NET version HTTP headers and also changing several defaults including session and anti-forgery cookie names.

===Dynamic IP Security===

ASP.NET MVC Boilerplate enables IIS Dynamic IP Security to limit the maximum number of concurrent requests to thwart DDOS attacks.

==Licensing==

This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate/blob/master/LICENSE GNU Affero General Public License 2.0] as published by the Free Software Foundation 2015.

== Project Resources ==
<ul>
<li>
[https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate GitHub Project Home Page] where you can view source code, log issues and view the change log.
</li>
<li>
[https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d Visual Studio Gallery] where you can install the project template, rate/review it.
</li>
<li>
[http://rehansaeed.com/asp-net-mvc-boilerplate/ My RehanSaeed.com] blog where I post articles detailing features of the project. The project template itself links to many of the articles so that developers can get detailed information if they need it.
</li>
</ul>

== Project Leader ==
[http://rehansaeed.com Muhammad Rehan Saeed]

==Classifications==
[[File:Project_Type_Files_CODE.jpg|link=]]
[[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
[[File:Owasp-builders-small.png|link=Builders]]
[[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]

== News and Events ==
Read all of the blog articles about this project [http://rehansaeed.com/asp-net-mvc-boilerplate/ here].

==Roadmap==
As ASP.NET MVC evolves and many of the JavaScript libraries release new updates, this project template needs constant updates. It is intended that this project template remain as current as possible. I would like to add more security features to the site template and add more documentation and helper comments.

==Getting Involved==
All are welcome to get involved. Simply visit the GitHub site and raise a pull request for your code.

=Minimum Viable Product=
A Visual Studio Project Template which you can download [https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d here]

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP ASP.NET MVC Boilerplate Project

2016-04-17T10:49:47Z

RehanSaeed:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

==ASP.NET MVC Boilerplate Project==
The default ASP.NET MVC project template uses insecure defaults and omits many security features altogether. ASP.NET MVC Boilerplate is a Visual Studio project template that enables security features by default and adds liberal comments and links to further resources to help developers (Who often do not have a lot of knowledge on the subject) get started.
[[File:New_Project.png|center]]

==Description==
A professional ASP.NET MVC template for building secure, fast, robust and adaptable web applications or sites. It provides the minimum amount of code required on top of the default MVC template provided by Microsoft to provide security by default.
[[File:MVC_6_Preview_Image.png|650px|center]]

===Better Defaults===

The default MVC template provided by Microsoft is not as secure as it could be. There are various settings (Mostly in the web.config file) which are insecure by default. For example, it leaks information about which version of IIS you are using and allows external scripts to access cookies by default! ASP.NET MVC Boilerplate makes everything secure by default.

===TLS and HTTPS===

Setting up TLS, so that your site runs over HTTPS is very difficult in ASP.NET MVC as it requires several steps to do it correctly. ASP.NET MVC Boilerplate makes this easy with step by step instructions and links.

===HTTP Headers===

Several HTTP headers are also used to provide better security using the [https://nwebsec.codeplex.com/ NWebSec] NuGet packages:

# [https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy Content Security Policy (CSP)].
# [https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security Strict-Transport-Security (HSTS)]
# [https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning Public-Key-Pins (HPKP)]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Content-Type-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Download-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Frame-Options]

===Detailed Comments===

ASP.NET MVC Boilerplate provides detailed comments and links to official documentation explaining all of the security features.

===Security Check-List===

ASP.NET MVC Boilerplate provides a check-list of steps the developer needs to take to secure the site.

===Fingerprint Resistant===

ASP.NET MVC Boilerplate attempts to thwart fingerprinting tools by removing the IIS and .NET version HTTP headers and also changing several defaults including session and anti-forgery cookie names.

===Dynamic IP Security===

ASP.NET MVC Boilerplate enables IIS Dynamic IP Security to limit the maximum number of concurrent requests to thwart DDOS attacks.

==Licensing==

This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate/blob/master/LICENSE GNU Affero General Public License 2.0] as published by the Free Software Foundation 2015.

== Project Resources ==
<ul>
<li>
[https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate GitHub Project Home Page] where you can view source code, log issues and view the change log.
</li>
<li>
[https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d Visual Studio Gallery] where you can install the project template, rate/review it.
</li>
<li>
[http://rehansaeed.com/asp-net-mvc-boilerplate/ My RehanSaeed.com] blog where I post articles detailing features of the project. The project template itself links to many of the articles so that developers can get detailed information if they need it.
</li>
</ul>

== Project Leader ==
[http://rehansaeed.com Muhammad Rehan Saeed]

==Classifications==
[[File:Project_Type_Files_CODE.jpg|link=]]
[[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
[[File:Owasp-builders-small.png|link=Builders]]
[[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]

== News and Events ==
Read all of the blog articles about this project [http://rehansaeed.com/asp-net-mvc-boilerplate/ here].

==Roadmap==
As ASP.NET MVC evolves and many of the JavaScript libraries release new updates, this project template needs constant updates. It is intended that this project template remain as current as possible. I would like to add more security features to the site template and add more documentation and helper comments.

==Getting Involved==
All are welcome to get involved. Simply visit the GitHub site and raise a pull request for your code.

=Minimum Viable Product=
A Visual Studio Project Template which you can download [https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d here]

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

File:MVC 6 Preview Image.png

2016-04-17T10:49:22Z

RehanSaeed:

File:New Project.png

2016-04-17T10:48:49Z

RehanSaeed: RehanSaeed uploaded a new version of "File:New Project.png"

The Visual Studio 'File -> New Project' dialog, showing the ASP.NET MVC Boilerplate project template.

File:Banner.png

2016-04-17T10:46:32Z

RehanSaeed: RehanSaeed uploaded a new version of "File:Banner.png"

OWASP ASP.NET MVC Boilerplate Project

2015-07-02T11:44:11Z

RehanSaeed:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

==ASP.NET MVC Boilerplate Project==
The default ASP.NET MVC project template uses insecure defaults and omits many security features altogether. ASP.NET MVC Boilerplate is a Visual Studio project template that enables security features by default and adds liberal comments and links to further resources to help developers (Who often do not have a lot of knowledge on the subject) get started.
[[File:New_Project.png|center]]

==Description==
A professional ASP.NET MVC template for building secure, fast, robust and adaptable web applications or sites. It provides the minimum amount of code required on top of the default MVC template provided by Microsoft to provide security by default.
[[File:Preview_Image.png|650px|center]]

===Better Defaults===

The default MVC template provided by Microsoft is not as secure as it could be. There are various settings (Mostly in the web.config file) which are insecure by default. For example, it leaks information about which version of IIS you are using and allows external scripts to access cookies by default! ASP.NET MVC Boilerplate makes everything secure by default.

===TLS and HTTPS===

Setting up TLS, so that your site runs over HTTPS is very difficult in ASP.NET MVC as it requires several steps to do it correctly. ASP.NET MVC Boilerplate makes this easy with step by step instructions and links.

===HTTP Headers===

Several HTTP headers are also used to provide better security using the [https://nwebsec.codeplex.com/ NWebSec] NuGet packages:

# [https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy Content Security Policy (CSP)].
# [https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security Strict-Transport-Security (HSTS)]
# [https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning Public-Key-Pins (HPKP)]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Content-Type-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Download-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Frame-Options]

===Detailed Comments===

ASP.NET MVC Boilerplate provides detailed comments and links to official documentation explaining all of the security features.

===Security Check-List===

ASP.NET MVC Boilerplate provides a check-list of steps the developer needs to take to secure the site.

===Fingerprint Resistant===

ASP.NET MVC Boilerplate attempts to thwart fingerprinting tools by removing the IIS and .NET version HTTP headers and also changing several defaults including session and anti-forgery cookie names.

===Dynamic IP Security===

ASP.NET MVC Boilerplate enables IIS Dynamic IP Security to limit the maximum number of concurrent requests to thwart DDOS attacks.

==Licensing==

This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate/blob/master/LICENSE GNU Affero General Public License 2.0] as published by the Free Software Foundation 2015.

== Project Resources ==
<ul>
<li>
[https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate GitHub Project Home Page] where you can view source code, log issues and view the change log.
</li>
<li>
[https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d Visual Studio Gallery] where you can install the project template, rate/review it.
</li>
<li>
[http://rehansaeed.com/asp-net-mvc-boilerplate/ My RehanSaeed.com] blog where I post articles detailing features of the project. The project template itself links to many of the articles so that developers can get detailed information if they need it.
</li>
</ul>

== Project Leader ==
[http://rehansaeed.com Muhammad Rehan Saeed]

==Classifications==
[[File:Project_Type_Files_CODE.jpg|link=]]
[[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
[[File:Owasp-builders-small.png|link=Builders]]
[[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]

== News and Events ==
Read all of the blog articles about this project [http://rehansaeed.com/asp-net-mvc-boilerplate/ here].

==Roadmap==
As ASP.NET MVC evolves and many of the JavaScript libraries release new updates, this project template needs constant updates. It is intended that this project template remain as current as possible. I would like to add more security features to the site template and add more documentation and helper comments.

==Getting Involved==
All are welcome to get involved. Simply visit the GitHub site and raise a pull request for your code.

=Minimum Viable Product=
A Visual Studio Project Template which you can download [https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d here]

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP ASP.NET MVC Boilerplate Project

2015-07-02T11:42:31Z

RehanSaeed:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

==ASP.NET MVC Boilerplate Project==
The default ASP.NET MVC project template uses insecure defaults and omits many security features altogether. ASP.NET MVC Boilerplate is a Visual Studio project template that enables security features by default and adds liberal comments and links to further resources to help developers (Who often do not have a lot of knowledge on the subject) get started.
[[File:New_Project.png|center]]

==Description==
A professional ASP.NET MVC template for building secure, fast, robust and adaptable web applications or sites. It provides the minimum amount of code required on top of the default MVC template provided by Microsoft to provide security by default.
[[File:Preview_Image.png|650px|center]]

===Better Defaults===

The default MVC template provided by Microsoft is not as secure as it could be. There are various settings (Mostly in the web.config file) which are insecure by default. For example, it leaks information about which version of IIS you are using and allows external scripts to access cookies by default! ASP.NET MVC Boilerplate makes everything secure by default.

===TLS and HTTPS===

Setting up TLS, so that your site runs over HTTPS is very difficult in ASP.NET MVC as it requires several steps to do it correctly. ASP.NET MVC Boilerplate makes this easy with step by step instructions and links.

===HTTP Headers===

Several HTTP headers are also used to provide better security using the [https://nwebsec.codeplex.com/ NWebSec] NuGet packages:

# [https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy Content Security Policy (CSP)].
# [https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security Strict-Transport-Security]
# [https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning Public-Key-Pins]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Content-Type-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Download-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Frame-Options]

===Detailed Comments===

ASP.NET MVC Boilerplate provides detailed comments and links to official documentation explaining all of the security features.

===Security Check-List===

ASP.NET MVC Boilerplate provides a check-list of steps the developer needs to take to secure the site.

===Fingerprint Resistant===

ASP.NET MVC Boilerplate attempts to thwart fingerprinting tools by removing the IIS and .NET version HTTP headers and also changing several defaults including session and anti-forgery cookie names.

===Dynamic IP Security===

ASP.NET MVC Boilerplate enables IIS Dynamic IP Security to limit the maximum number of concurrent requests to thwart DDOS attacks.

==Licensing==

This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate/blob/master/LICENSE GNU Affero General Public License 2.0] as published by the Free Software Foundation 2015.

== Project Resources ==
<ul>
<li>
[https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate GitHub Project Home Page] where you can view source code, log issues and view the change log.
</li>
<li>
[https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d Visual Studio Gallery] where you can install the project template, rate/review it.
</li>
<li>
[http://rehansaeed.com/asp-net-mvc-boilerplate/ My RehanSaeed.com] blog where I post articles detailing features of the project. The project template itself links to many of the articles so that developers can get detailed information if they need it.
</li>
</ul>

== Project Leader ==
[http://rehansaeed.com Muhammad Rehan Saeed]

==Classifications==
[[File:Project_Type_Files_CODE.jpg|link=]]
[[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
[[File:Owasp-builders-small.png|link=Builders]]
[[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]

== News and Events ==
Read all of the blog articles about this project [http://rehansaeed.com/asp-net-mvc-boilerplate/ here].

==Roadmap==
As ASP.NET MVC evolves and many of the JavaScript libraries release new updates, this project template needs constant updates. It is intended that this project template remain as current as possible. I would like to add more security features to the site template and add more documentation and helper comments.

==Getting Involved==
All are welcome to get involved. Simply visit the GitHub site and raise a pull request for your code.

=Minimum Viable Product=
A Visual Studio Project Template which you can download [https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d here]

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP ASP.NET MVC Boilerplate Project

2015-07-02T11:41:03Z

RehanSaeed:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

==ASP.NET MVC Boilerplate Project==
The default ASP.NET MVC project template uses insecure defaults and omits many security features altogether. ASP.NET MVC Boilerplate is a Visual Studio project template that enables security features by default and adds liberal comments and links to further resources to help developers (Who often do not have a lot of knowledge on the subject) get started.
[[File:New_Project.png|center]]

==Description==
A professional ASP.NET MVC template for building secure, fast, robust and adaptable web applications or sites. It provides the minimum amount of code required on top of the default MVC template provided by Microsoft to provide security by default.
[[File:Preview_Image.png|650px|center]]

===Better Defaults===

The default MVC template provided by Microsoft is not as secure as it could be. There are various settings (Mostly in the web.config file) which are insecure by default. For example, it leaks information about which version of IIS you are using and allows external scripts to access cookies by default! ASP.NET MVC Boilerplate makes everything secure by default.

===TLS and HTTPS===

Setting up TLS, so that your site runs over HTTPS is very difficult in ASP.NET MVC as it requires several steps to do it correctly. ASP.NET MVC Boilerplate makes this easy with step by step instructions and links.

===HTTP Headers===

Several HTTP headers are also used to provide better security using the [https://nwebsec.codeplex.com/ NWebSec] NuGet packages:

# [https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy Content Security Policy (CSP)].
# [https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security Strict-Transport-Security]
# [https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning Public-Key-Pins]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Content-Type-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Download-Options]
# [http://rehansaeed.com/nwebsec-asp-net-mvc-security-through-http-headers/ X-Frame-Options]

===Detailed Comments===

ASP.NET MVC Boilerplate provides detailed comments and links to official documentation explaining all of the security features.

===Fingerprint Resistant===

ASP.NET MVC Boilerplate attempts to thwart fingerprinting tools by removing the IIS and .NET version HTTP headers and also changing several defaults including session and anti-forgery cookie names.

===Dynamic IP Security===

ASP.NET MVC Boilerplate enables IIS Dynamic IP Security to limit the maximum number of concurrent requests to thwart DDOS attacks.

==Licensing==

This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate/blob/master/LICENSE GNU Affero General Public License 2.0] as published by the Free Software Foundation 2015.

== Project Resources ==
<ul>
<li>
[https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate GitHub Project Home Page] where you can view source code, log issues and view the change log.
</li>
<li>
[https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d Visual Studio Gallery] where you can install the project template, rate/review it.
</li>
<li>
[http://rehansaeed.com/asp-net-mvc-boilerplate/ My RehanSaeed.com] blog where I post articles detailing features of the project. The project template itself links to many of the articles so that developers can get detailed information if they need it.
</li>
</ul>

== Project Leader ==
[http://rehansaeed.com Muhammad Rehan Saeed]

==Classifications==
[[File:Project_Type_Files_CODE.jpg|link=]]
[[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
[[File:Owasp-builders-small.png|link=Builders]]
[[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]

== News and Events ==
Read all of the blog articles about this project [http://rehansaeed.com/asp-net-mvc-boilerplate/ here].

==Roadmap==
As ASP.NET MVC evolves and many of the JavaScript libraries release new updates, this project template needs constant updates. It is intended that this project template remain as current as possible. I would like to add more security features to the site template and add more documentation and helper comments.

==Getting Involved==
All are welcome to get involved. Simply visit the GitHub site and raise a pull request for your code.

=Minimum Viable Product=
A Visual Studio Project Template which you can download [https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d here]

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP ASP.NET MVC Boilerplate Project

2015-06-16T17:15:30Z

RehanSaeed:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

==ASP.NET MVC Boilerplate Project==
The default ASP.NET MVC project template uses insecure defaults and omits many security features altogether. ASP.NET MVC Boilerplate is a Visual Studio project template that enables security features by default and adds liberal comments and links to further resources to help developers (Who often do not have a lot of knowledge on the subject) get started.
[[File:New_Project.png|center]]

==Description==
A professional ASP.NET MVC template for building secure, fast, robust and adaptable web applications or sites. It provides the minimum amount of code required on top of the default MVC template provided by Microsoft to provide security by default.
[[File:Preview_Image.png|650px|center]]

The default MVC template is not as secure as it could be. There are various settings (Mostly in the web.config file) which are insecure by default. For example, it leaks information about which version of IIS you are using and allows external scripts to access cookies by default!

ASP.NET MVC Boilerplate makes everything secure by default but goes further and uses various HTTP headers which are sent to the browser to restrict things further.

It also makes use of the new [https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy Content Security Policy (CSP)] HTTP Header using the [https://nwebsec.codeplex.com/ NWebSec] NuGet packages. CSP revolutionizes web security and I highly recommend reading the above link.

Setting up SSL/TLS, so that your site runs over HTTPS is made easy with easy step by step instructions and links.

==Licensing==
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate/blob/master/LICENSE GNU Affero General Public License 2.0] as published by the Free Software Foundation 2015.

== Project Resources ==
<ul>
<li>
[https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate GitHub Project Home Page] where you can view source code, log issues and view the change log.
</li>
<li>
[https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d Visual Studio Gallery] where you can install the project template, rate/review it.
</li>
<li>
[http://rehansaeed.com/asp-net-mvc-boilerplate/ My RehanSaeed.com] blog where I post articles detailing features of the project. The project template itself links to many of the articles so that developers can get detailed information if they need it.
</li>
</ul>

== Project Leader ==
[http://rehansaeed.com Muhammad Rehan Saeed]

==Classifications==
[[File:Project_Type_Files_CODE.jpg|link=]]
[[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
[[File:Owasp-builders-small.png|link=Builders]]
[[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]

== News and Events ==
Read all of the blog articles about this project [http://rehansaeed.com/asp-net-mvc-boilerplate/ here].

==Roadmap==
As ASP.NET MVC evolves and many of the JavaScript libraries release new updates, this project template needs constant updates. It is intended that this project template remain as current as possible. I would like to add more security features to the site template and add more documentation and helper comments.

==Getting Involved==
All are welcome to get involved. Simply visit the GitHub site and raise a pull request for your code.

=Minimum Viable Product=
A Visual Studio Project Template which you can download [https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d here]

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP ASP.NET MVC Boilerplate Project

2015-04-28T15:01:22Z

RehanSaeed:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

==ASP.NET MVC Boilerplate Project==
The default ASP.NET MVC project template uses insecure defaults and omits many security features altogether. ASP.NET MVC Boilerplate is a Visual Studio project template that enables security features by default and adds liberal comments and links to further resources to help developers (Who often do not have a lot of knowledge on the subject) get started.
[[File:New_Project.png|center]]

==Description==
A professional ASP.NET MVC template for building secure, fast, robust and adaptable web applications or sites. It provides the minimum amount of code required on top of the default MVC template provided by Microsoft to provide security by default.
[[File:Preview_Image.png|650px|center]]

The default MVC template is not as secure as it could be. There are various settings (Mostly in the web.config file) which are insecure by default. For example, it leaks information about which version of IIS you are using and allows external scripts to access cookies by default!

ASP.NET MVC Boilerplate makes everything secure by default but goes further and uses various HTTP headers which are sent to the browser to restrict things further.

It also makes use of the new [https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy Content Security Policy (CSP)] HTTP Header using the [https://nwebsec.codeplex.com/ NWebSec] NuGet packages. CSP revolutionizes web security and I highly recommend reading the above link.

Setting up SSL/TLS, so that your site runs over HTTPS is made easy with easy step by step instructions and links.

==Licensing==
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate/blob/master/LICENSE GNU Affero General Public License 2.0] as published by the Free Software Foundation 2015.

== Project Resources ==
<ul>
<li>
[https://github.com/RehanSaeed/ASP.NET-MVC-Boilerplate GitHub Project Home Page] where you can view source code, log issues and view the change log.
</li>
<li>
[https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d Visual Studio Gallery] where you can install the project template, rate/review it.
</li>
<li>
[http://rehansaeed.co.uk/asp-net-mvc-boilerplate/ My RehanSaeed.co.uk] blog where I post articles detailing features of the project. The project template itself links to many of the articles so that developers can get detailed information if they need it.
</li>
</ul>

== Project Leader ==
[http://rehansaeed.co.uk Muhammad Rehan Saeed]

==Classifications==
[[File:Project_Type_Files_CODE.jpg|link=]]
[[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
[[File:Owasp-builders-small.png|link=Builders]]
[[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]

== News and Events ==
Read all of the blog articles about this project [http://rehansaeed.co.uk/asp-net-mvc-boilerplate/ here].

==Roadmap==
As ASP.NET MVC evolves and many of the JavaScript libraries release new updates, this project template needs constant updates. It is intended that this project template remain as current as possible. I would like to add more security features to the site template and add more documentation and helper comments.

==Getting Involved==
All are welcome to get involved. Simply visit the GitHub site and raise a pull request for your code.

=Minimum Viable Product=
A Visual Studio Project Template which you can download [https://visualstudiogallery.msdn.microsoft.com/6cf50a48-fc1e-4eaf-9e82-0b2a6705ca7d here]

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP ASP.NET MVC Boilerplate Project

2015-04-28T14:50:11Z

RehanSaeed: Updated images

File:Preview Image.png

2015-04-28T14:48:08Z

RehanSaeed: The main page of your site generated from the ASP.NET MVC Boilerplate Visual Studio project template.

The main page of your site generated from the ASP.NET MVC Boilerplate Visual Studio project template.

File:New Project.png

2015-04-28T14:46:53Z

RehanSaeed: The Visual Studio 'File -> New Project' dialog, showing the ASP.NET MVC Boilerplate project template.

The Visual Studio 'File -> New Project' dialog, showing the ASP.NET MVC Boilerplate project template.

OWASP ASP.NET MVC Boilerplate Project

2015-04-28T14:45:02Z

RehanSaeed: First Draft