|
|
| (24 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| − | = Themes =
| |
| − | The themes of the .NET Project include:
| |
| − | * Deep, rich guidance for .NET developers in using the security features of .NET
| |
| − | * Guidance for use of OWASP components that are designed for use with .NET
| |
| − | * Information about working with and on OWASP tools built using .NET
| |
| | | | |
| − | = Features =
| |
| − |
| |
| − | Features are parts of the project at a very high level.
| |
| − |
| |
| − | == Guidance ==
| |
| − |
| |
| − | Guidance is documentation that assists .NET developers impleenting the security features of the framework. Current examples include:
| |
| − |
| |
| − | * The [[.NET Security Cheat Sheet]]
| |
| − | * [[.NET Penetration Testing]]
| |
| − |
| |
| − | Topics that require content creation include:
| |
| − |
| |
| − | * Using Rfc2898DeriveBytes for PBKDF2
| |
| − | * Windows Identity Foundation
| |
| − | * AntiXssEncoder
| |
| − | * DPAPI
| |
| − | * Exception Handling
| |
| − | * Anti CSRF Tokens
| |
| − | * Memory Management
| |
| − | * ClickOnce Deployment
| |
| − |
| |
| − | == Components ==
| |
| − |
| |
| − | Components are pieces of software that assist .NET developers in building more secure code. Many updates are needed:
| |
| − |
| |
| − | * [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Dot_NET ESAPI.NET]
| |
| − | * [[.Net CSRF Guard]]
| |
| − | * [https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project_.NET AntiSamy .NET]
| |
| − |
| |
| − | == Projects that use .NET ==
| |
| − |
| |
| − | These are projects that happen to be built in .NET and could use .NET development assistance
| |
| − |
| |
| − | * [[OWASP O2 Platform]]
| |
| − | * [https://www.owasp.org/index.php/Category:OWASP_WebGoat.NET WebGOAT.NET]
| |
| − |
| |
| − | = Ideas =
| |
| − | | |
| | | | |
| | | | |
