This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP ASP.NET MVC Boilerplate Project"
RehanSaeed (talk | contribs) |
RehanSaeed (talk | contribs) |
||
Line 31: | Line 31: | ||
</li> | </li> | ||
<li> | <li> | ||
− | [http://rehansaeed. | + | [http://rehansaeed.com/asp-net-mvc-boilerplate/ My RehanSaeed.com] blog where I post articles detailing features of the project. The project template itself links to many of the articles so that developers can get detailed information if they need it. |
</li> | </li> | ||
</ul> | </ul> | ||
== Project Leader == | == Project Leader == | ||
− | [http://rehansaeed. | + | [http://rehansaeed.com Muhammad Rehan Saeed] |
==Classifications== | ==Classifications== | ||
Line 45: | Line 45: | ||
== News and Events == | == News and Events == | ||
− | Read all of the blog articles about this project [http://rehansaeed. | + | Read all of the blog articles about this project [http://rehansaeed.com/asp-net-mvc-boilerplate/ here]. |
==Roadmap== | ==Roadmap== |
Revision as of 17:15, 16 June 2015
ASP.NET MVC Boilerplate Project
The default ASP.NET MVC project template uses insecure defaults and omits many security features altogether. ASP.NET MVC Boilerplate is a Visual Studio project template that enables security features by default and adds liberal comments and links to further resources to help developers (Who often do not have a lot of knowledge on the subject) get started.
Description
A professional ASP.NET MVC template for building secure, fast, robust and adaptable web applications or sites. It provides the minimum amount of code required on top of the default MVC template provided by Microsoft to provide security by default.
The default MVC template is not as secure as it could be. There are various settings (Mostly in the web.config file) which are insecure by default. For example, it leaks information about which version of IIS you are using and allows external scripts to access cookies by default!
ASP.NET MVC Boilerplate makes everything secure by default but goes further and uses various HTTP headers which are sent to the browser to restrict things further.
It also makes use of the new Content Security Policy (CSP) HTTP Header using the NWebSec NuGet packages. CSP revolutionizes web security and I highly recommend reading the above link.
Setting up SSL/TLS, so that your site runs over HTTPS is made easy with easy step by step instructions and links.
Licensing
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License 2.0 as published by the Free Software Foundation 2015.
Project Resources
- GitHub Project Home Page where you can view source code, log issues and view the change log.
- Visual Studio Gallery where you can install the project template, rate/review it.
- My RehanSaeed.com blog where I post articles detailing features of the project. The project template itself links to many of the articles so that developers can get detailed information if they need it.
Project Leader
Classifications
News and Events
Read all of the blog articles about this project here.
Roadmap
As ASP.NET MVC evolves and many of the JavaScript libraries release new updates, this project template needs constant updates. It is intended that this project template remain as current as possible. I would like to add more security features to the site template and add more documentation and helper comments.
Getting Involved
All are welcome to get involved. Simply visit the GitHub site and raise a pull request for your code.
A Visual Studio Project Template which you can download here