Difference between revisions of "OWASP .NET Recommended Resources"

Latest revision as of 12:39, 11 May 2018

OWASP .NET Quick Reference
OWASP Code Review Project OWASP Testing Guide

1 OWASP .NET Recommended Resources

OWASP .NET Recommended Resources

This is a canonical list of outside resources for .NET developers seeking security information.

Books and Publications

Writing Secure Code, Michael Howard and David LeBlanc

Microsoft Security Development Lifecycle 3.2

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication, J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy

Improving Web Application Security: Threats and Countermeasures, J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Developer Highway Code, Microsoft Corp, United Kingdom

Security Driven .NET, Stan Drapkin

Tools

Microsoft Threat Modeling Tool 2014

Anti-Cross Site Scripting

URLScan

Microsoft Source Code Analyzer

MS Source Code Analyser for SQL Injection

Visual Studio .NET Obfuscator

@@ Line 10: / Line 10: @@
 ==OWASP .NET Recommended Resources==
+This is a canonical list of outside resources for .NET developers seeking security information.
-===Areas of Concern===
-*Getting Started
-*Tutorials
-*Best Practices
-*OWASP Guidance and Tools
 ===Blogs & People===
-===== OWASP =====
-; [https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]
-==== General ====
 [http://securitybuddha.com/ Mark Curphrey's Blog]
 [http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]
-[http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]
+[http://blogs.msdn.com/jmeier/archive/tags/Security/default.aspx J.D. Meier's Blog]
 [http://www.leastprivilege.com Dominick Baier's Blog]
@@ Line 38: / Line 25: @@
 [http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]
+[http://www.troyhunt.com/ Troy Hunt's Blog]
+[https://www.preemptive.com/blog App Protection Blog]
 ===Advisories, Articles & Projects===
-[http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]
+[http://msdn.microsoft.com/en-us/library/ee658105.aspx Security and Operational Guidance for .NET Applications]
 [http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]
@@ Line 51: / Line 42: @@
 [http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0]
-[http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]
+[http://msdn.microsoft.com/en-us/library/Ee817643(pandp.10).aspx Authentication in ASP.NET: .NET Security Guidance]
 [http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]
@@ Line 59: / Line 50: @@
 [http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]
-[http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]
+[http://wcfsecurityguide.codeplex.com/ Security Guidance for Windows Communication Foundation]
 [http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]
-===Online References===
+[https://www.microsoft.com/en-us/sdl Security Development Lifecycle]
+===Online References, Training===
 [http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]
-[http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HomePage Patterns and Practices Security Wiki]
 [http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]
 [http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]
+[http://pluralsight.com/training/Courses#security Pluralsight Security Course Catalog]
+[http://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html OWASP Top 10 for .NET developers - Troy Hunt]
+[http://www.teammentor.net/teamMentor TeamMentor]
+[https://docs.microsoft.com/en-us/dotnet/standard/security/ Security in the .NET Framework]
 ===Books and Publications===
@@ Line 84: / Line 83: @@
 [http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom
+[http://securitydriven.net/ Security Driven .NET], Stan Drapkin
 ===Tools===
-[http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]
+[http://blogs.msdn.com/b/sdl/archive/2014/04/15/introducing-microsoft-threat-modeling-tool-2014.aspx Microsoft Threat Modeling Tool 2014]
-[http://www.codeplex.com/guidanceExplorer Patterns and Practices Guidance Explorer]
-[http://blogs.msdn.com/alikl/archive/2007/03/26/security-net-code-inspection-using-outlook-2007.aspx Security Code Review Checklist Generator]
 [http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]
@@ Line 99: / Line 96: @@
 [http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]
-[http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Scrawlr]
+[http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]
-[http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]
+[https://docs.microsoft.com/en-us/visualstudio/ide/dotfuscator/ Visual Studio .NET Obfuscator]

Difference between revisions of "OWASP .NET Recommended Resources"

Latest revision as of 12:39, 11 May 2018

OWASP .NET Recommended Resources

Blogs & People

Advisories, Articles & Projects

Online References, Training

Books and Publications

Tools

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools