This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of ".NET Penetration Testing"

From OWASP
Jump to: navigation, search
(Online Media (Podcasts, Webcasts, Presentations, eBooks etc.): deprecated.)
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{| align="right" class="wikitable"
+
{| class="wikitable" align="right"
 
|-
 
|-
 
! .NET Security Quick Reference
 
! .NET Security Quick Reference
Line 21: Line 21:
 
*Reporting
 
*Reporting
  
===Articles===
+
===Blogs, Articles & Projects===
 +
[[OWASP .NET Vulnerability Research]]
  
 +
[https://www.microsoft.com/en-us/sdl Microsoft SDL (Secure Development Lifecycle)]
 +
 +
[https://docs.microsoft.com/en-us/aspnet/core/security/ .NET CORE Security]
 +
 +
[https://blogs.technet.microsoft.com/msrc/ Microsoft Security Research Center (MSRC)]
  
 
===References===
 
===References===
 
[http://www.owasp.org/index.php/Rooting_The_CLR Rooting the CLR (Draft)]
 
[http://www.owasp.org/index.php/Rooting_The_CLR Rooting the CLR (Draft)]
  
[http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf Guideline on Network Security Testing]
+
[http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf NIST 800-42 Guideline on Network Security Testing]
 +
 
 +
[http://www.isecom.org/osstmm ISECOM Open Source Security Testing Methodology Manual]
 +
 
 +
[http://www.oissg.org/issaf/index.php OISSG Information Systems Security Assessment Framework (ISSAF)]
  
 
===Tools===
 
===Tools===
 
[http://www.owasp.org/index.php/Source_Code_Audit_Tools Source Code Audit Tools]
 
[http://www.owasp.org/index.php/Source_Code_Audit_Tools Source Code Audit Tools]

Latest revision as of 13:29, 24 January 2018

.NET Security Quick Reference

.NET Penetration Testing

Plan, Discover, Attack and Report - this section is for tools, checklists and references for penetration testing .NET web applications and services.

Areas of Concern

  • Planning the hack
  • Ethically hacking
  • Attack Vectors
  • Intelligence gathering
  • Reporting

Blogs, Articles & Projects

OWASP .NET Vulnerability Research

Microsoft SDL (Secure Development Lifecycle)

.NET CORE Security

Microsoft Security Research Center (MSRC)

References

Rooting the CLR (Draft)

NIST 800-42 Guideline on Network Security Testing

ISECOM Open Source Security Testing Methodology Manual

OISSG Information Systems Security Assessment Framework (ISSAF)

Tools

Source Code Audit Tools