This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP .Net Project Roadmap"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 +
= Overview =
 +
 +
The .NET Framework has seen significant security improvement over the last ten years of development. With proper use the core security problems that are seen in web applications, or even Windows executibles, are difficult to  exploit.
 +
 +
The key is 'proper use' and that is the goal of the .NET Project - assist with proper use. Education, components and tools that are appropriate for the latest .NET versions should be the focus for output of this project. As tools and information become out of date, they will be moved to a sunset mode, still available to those using older versions of the framework.
 +
 
= Themes =
 
= Themes =
 
The themes of the .NET Project include:
 
The themes of the .NET Project include:
Line 7: Line 13:
 
= Features =  
 
= Features =  
  
Features are parts of the project at a very high level.
+
Features are parts of the project at a very high level. There are three themes, and they include guidance for developers, components that help to write more secure .NET projects, and tools for general security and testing written in .NET.
  
 
== Guidance ==
 
== Guidance ==
  
Guidance is documentation that assists .NET developers impleenting the security features of the framework. Current examples include:
+
Guidance is documentation that assists .NET developers implementing the security features of the framework. Current examples include:
  
 
* The [[.NET Security Cheat Sheet]]
 
* The [[.NET Security Cheat Sheet]]
 
* [[.NET Penetration Testing]]
 
* [[.NET Penetration Testing]]
 
Topics that require content creation include:
 
 
* Using Rfc2898DeriveBytes for PBKDF2
 
* Windows Identity Foundation
 
* AntiXssEncoder
 
* DPAPI
 
* Exception Handling
 
* Anti CSRF Tokens
 
* Memory Management
 
* ClickOnce Deployment
 
  
 
== Components ==  
 
== Components ==  
  
Components are pieces of software that assist .NET developers in building more secure code. Many updates are needed:
+
Components are pieces of software that assist .NET developers in building more secure code. A number of projects exist that are for older versions of .NET. While they are no longer valid for later versions, they are still acceptable for use. Many updates are needed to a number of other projects.
  
 
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Dot_NET ESAPI.NET]
 
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Dot_NET ESAPI.NET]
Line 37: Line 32:
 
== Projects that use .NET ==
 
== Projects that use .NET ==
  
These are projects that happen to be built in .NET and could use .NET development assistance
+
These are projects that happen to be built in .NET. MAny of them could use .NET development assistance:
  
 
* [[OWASP O2 Platform]]
 
* [[OWASP O2 Platform]]

Revision as of 02:30, 2 April 2014

Overview

The .NET Framework has seen significant security improvement over the last ten years of development. With proper use the core security problems that are seen in web applications, or even Windows executibles, are difficult to exploit.

The key is 'proper use' and that is the goal of the .NET Project - assist with proper use. Education, components and tools that are appropriate for the latest .NET versions should be the focus for output of this project. As tools and information become out of date, they will be moved to a sunset mode, still available to those using older versions of the framework.

Themes

The themes of the .NET Project include:

  • Deep, rich guidance for .NET developers in using the security features of .NET
  • Guidance for use of OWASP components that are designed for use with .NET
  • Information about working with and on OWASP tools built using .NET

Features

Features are parts of the project at a very high level. There are three themes, and they include guidance for developers, components that help to write more secure .NET projects, and tools for general security and testing written in .NET.

Guidance

Guidance is documentation that assists .NET developers implementing the security features of the framework. Current examples include:

Components

Components are pieces of software that assist .NET developers in building more secure code. A number of projects exist that are for older versions of .NET. While they are no longer valid for later versions, they are still acceptable for use. Many updates are needed to a number of other projects.

Projects that use .NET

These are projects that happen to be built in .NET. MAny of them could use .NET development assistance:

Ideas

Please send your ideas to the OWASP.Net mailing list ([email protected])