This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP SafeNuGet"
| Line 5: | Line 5: | ||
OWASP SafeNuGet is an MSBuild task which will warn developers if they are using NuGet packages with known vulnerabilities. | OWASP SafeNuGet is an MSBuild task which will warn developers if they are using NuGet packages with known vulnerabilities. | ||
| − | More information about | + | More information about SafeNuGet can be found on the [https://github.com/owasp/SafeNuGet Github SafeNuGet site]. |
=Project About= | =Project About= | ||
Revision as of 20:48, 23 June 2013
The OWASP Top 10 2013 contains a new entry: A9 - Using Components with Known Vulnerabilities. SafeNuGet can currently be used to scan .NET applications to identify any known vulnerable components.
The problem with using known vulnerable components was described very well in a paper by Jeff Williams and Arshan Dabirsiaghi titled, "The Unfortunate Reality of Insecure Libraries". The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the National Vulnerability Database).
OWASP SafeNuGet is an MSBuild task which will warn developers if they are using NuGet packages with known vulnerabilities.
More information about SafeNuGet can be found on the Github SafeNuGet site.
Project About
| PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| |||||||||||||||||||||||||||||||||||||||
