This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP .NET Project"

From OWASP

Jump to: navigation, search

Latest revision as of 20:08, 30 August 2018

OWASP .NET Project

The OWASP.NET Project is the clearinghouse for all information related to building secure .NET web applications and services. The goal of the project is to provide deep content for all roles related to .NET web applications and services.

The focus of the project is on guidance for developers using the framework, OWASP Components that use .NET, and participation in OWASP projects that use .NET.

Community content is key to security information. The project depends on content from developers throughout the .NET world. Check out the OWASP .Net Project Roadmap for ways to get involved.

Purpose

Provide deep, rich guidance for .NET developers in using the security features of .NET
Create guidance for use of OWASP components that are designed for use with .NET
Focus on information about working with and on OWASP tools built using .NET

Licensing

OWASP .NET Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

What is the OWASP .NET Project?

Deep, rich guidance for .NET developers in using the security features of .NET
Guidance for use of OWASP components that are designed for use with .NET
Information about working with and on OWASP tools built using .NET

Project Leader

Bill Sempf

Mailing List

OWASP .NET Mailing List

Related Projects

News and Events

[Aug 2018] Added Deserialization
[May 2018] Began IIS Hardening Project
[Mar 2017] Updated the .NET Security Cheat Sheet for .NET Core
[Jan 2016] Added the Two Factor Authentication component
[Feb 2015] Two more articles promoted. Want to build one? See the Roadmap!
[Jan 2015] Three completed articles, and four in progress
[Oct 2014] Promoted our first guidance article from Draft
[Sep 2014] AppSec USA .NET Project Summit
[Mar 2014] Project roadmap
[Feb 2014] Project reboot

Classifications

Overview

The .NET Framework has seen significant security improvement over the last ten years of development. With proper use the core security problems that are seen in web applications, or even Windows executibles, are difficult to exploit.

The key is 'proper use' and that is the goal of the .NET Project - assist with proper use. Education, components and tools that are appropriate for the latest .NET versions should be the focus for output of this project. As tools and information become out of date, they will be moved to a sunset mode, still available to those using older versions of the framework.

Themes

The themes of the .NET Project include:

Deep, rich guidance for .NET developers using the security features of .NET
Access to use of OWASP components that are designed for use with .NET
Information about working with and on OWASP tools built using .NET

Features

Features are parts of the project at a very high level. There are three themes, and they include guidance for developers, components that help to write more secure .NET projects, and tools for general security and testing written in .NET.

Guidance

Guidance is documentation that assists .NET developers implementing the security features of the framework.

In-process guidance

Needed guidance

Components

Components are pieces of software that assist .NET developers in building more secure code. A number of projects exist that are for older versions of .NET. While they are no longer valid for later versions, they are still acceptable for use. Many updates are needed to a number of other projects.

Needed Components

Please suggest needed components.

Projects that use .NET

These are projects that happen to be built in .NET. Many of them could use .NET development assistance:

Ideas

Please send your ideas to the OWASP.Net mailing list (owasp-dotnet@lists.owasp.org)

Pages in category "OWASP .NET Project"

The following 58 pages are in this category, out of 58 total.

.

A

C

CRV2 FrameworkSpecIssuesdotNetMVC

D

I

J

JIT prevents short overflow (and PeVerify doesn't catch it)

L

London Chapter WAF event

M

O

P

R

S

T

U

Using Rfc2898DeriveBytes for PBKDF2

W

Media in category "OWASP .NET Project"

The following 2 files are in this category, out of 2 total.

OWASP dotNet 2008.pptx
303 KB
Presentation - .NET Fr...
1.16 MB

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_.NET_Project&oldid=243036"

Categories:

@@ Line 35: / Line 35: @@
 [https://www.owasp.org/index.php/User:Bill_Sempf Bill Sempf]
+== Mailing List ==
+[https://lists.owasp.org/mailman/listinfo/owasp-dotnet OWASP .NET Mailing List]
 == Related Projects ==
-* [[OWASP_Java_Project]]
+* [[OWASP_Project|OWASP Project Repository]]
+* [[Language|Languages Repository]]
-| valign="top"  style="padding-left:25px;width:200px;" |
+* [[Java|Java and JVM]]
+* [[Python|Python]]
+* [[OWASP_Internet_of_Things_Project|OWASP IoT Security]]
+* [[OWASP_Mobile_Security_Project|OWASP Mobile Security]]
+* [[OWASP_Top_Ten_Project|OWASP Web Top 10]]
+| valign="top"  style="padding-left:25px;width:200px;" |
 == News and Events ==
-* [16 Feb 2015] Two more articles promoted. Want to build one? See the Roadmap!
+* [Aug 2018] Added Deserialization
-* [22 Jan 2015] Three completed articles, and four in progress
+* [May 2018] Began IIS Hardening Project
-* [29 Oct 2014] Promoted our first guidance article from Draft
+* [Mar 2017] Updated the .NET Security Cheat Sheet for .NET Core
-* [18 Sep 2014] AppSec USA .NET Project Summit
+* [Jan 2016] Added the Two Factor Authentication component
-* [30 Mar 2014] Project roadmap
+* [Feb 2015] Two more articles promoted. Want to build one? See the Roadmap!
-* [5 Feb 2014] Project reboot
+* [Jan 2015] Three completed articles, and four in progress
+* [Oct 2014] Promoted our first guidance article from Draft
-== Mailing List ==
+* [Sep 2014] AppSec USA .NET Project Summit
-[https://lists.owasp.org/mailman/listinfo/owasp-dotnet OWASP .NET Mailing List]
+* [Mar 2014] Project roadmap
+* [Feb 2014] Project reboot
 ==Classifications==
@@ Line 70: / Line 78: @@
 |}
+=Resources=
+The .NET Project is principally about creating deep, rich guidance for NET developers using the Microsoft .NET Framework's security resources.
+== Detailed Guidance ==
+The following articles describe specific guidance for working with the .NET Framework.
+* The [[.NET Security Cheat Sheet]]
+* [[.NET Penetration Testing]]
-[[Category:OWASP Guide Project]]
+* [[Exception Handling]]
+* [[ASP.NET Request Validation]]
-=Resources=
+* [[ASP.NET Output Encoding]]
+* [[Using Rfc2898DeriveBytes for PBKDF2]]
-The .NET Project is principally about creating deep, rich guidance for NET developers using the Microsoft .NET Framework's security resources.
+* [[Anti CSRF Tokens ASP.NET]]
+* [[Adding two-factor authentication to ASP.NET]]
 == Security Guidance ==
@@ Line 86: / Line 99: @@
 * [[.NET Security Cheat Sheet| .NET Security Cheat Sheet]]
 * [[.NET Penetration Testing| .NET Penetration Testing]]
+* [[Deserialization_Cheat_Sheet| Deserialization Cheat Sheet]]
 The following sections include specific guidance for particular technological problems related to .NET web applications and services:
@@ Line 92: / Line 106: @@
 * [[ASP.NET Request Validation]]
 * [[ASP.NET Output Encoding]]
+== Components ==
+* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Dot_NET ESAPI.NET]
+* [[.Net CSRF Guard]]
+* [https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project_.NET AntiSamy .NET]
+* [[.NET AntiXSS Library]]
+* [https://www.nuget.org/packages/AddTwoFactorToMvc Add Two-Factor to MVC]
 == Recommended Resources ==
@@ Line 104: / Line 126: @@
 ; [[OWASP .NET Research]]
-=Joining the Project=
+= Road Map and Getting Involved =
-==Get involved==
-To get involved join the mailing list (see [[How to join Owasp.Net Mailing List]])
+== Overview ==
-==Project Roadmap==
-The project's high level roadmap can be found at the [[OWASP .Net Project Roadmap]]
+The .NET Framework has seen significant security improvement over the last ten years of development. With proper use the core security problems that are seen in web applications, or even Windows executibles, are difficult to  exploit.
-* Please submit your ideas for articles, content and general feedback to the [[.NET Project Wishlist]].
-* If you'd like to contribute:
+The key is 'proper use' and that is the goal of the .NET Project - assist with proper use. Education, components and tools that are appropriate for the latest .NET versions should be the focus for output of this project. As tools and information become out of date, they will be moved to a sunset mode, still available to those using older versions of the framework.
-# visit the [[Tutorial]],
-# and pick a topic from the [[.NET Project Wishlist]] or suggest a new topic
+== Themes ==
-# or check out our active projects list, [[OWASP .NET Active Projects]], and join one today.
+The themes of the .NET Project include:
-<br />
+* Deep, rich guidance for .NET developers using the security features of .NET
-'''Remember to add the tag: <nowiki>[[Category:OWASP .NET Project]]</nowiki> to the end of new articles so that they're properly categorized.'''
+* Access to use of OWASP components that are designed for use with .NET
-<br />
+* Information about working with and on OWASP tools built using .NET
+== Features ==
+Features are parts of the project at a very high level. There are three themes, and they include guidance for developers, components that help to write more secure .NET projects, and tools for general security and testing written in .NET.
+=== Guidance ===
+Guidance is documentation that assists .NET developers implementing the security features of the framework.
+==== In-process guidance ====
+* [[Windows Identity Foundation]]
+* [[.NET Memory Management]]
+* [[Adding two-factor authentication to ASP.NET]]
+==== Needed guidance ====
+* [[ASP.NET Identity]]
+* [[DPAPI]]
+* [[ClickOnce Deployment]]
+* [[.NET Callbacks - Vulnerabilities and Remediation]]
+* [[Dependency Injection]]
+* [[IoC containers]]
+* [[Preventing SQL Injection in ADO.NET]]
+* [[Authenticated Symmetric Encryption in .NET]]
+=== Components ===
+Components are pieces of software that assist .NET developers in building more secure code. A number of projects exist that are for older versions of .NET. While they are no longer valid for later versions, they are still acceptable for use. Many updates are needed to a number of other projects.
+==== Needed Components ====
+Please suggest needed components.
+=== Projects that use .NET ===
+These are projects that happen to be built in .NET. Many of them could use .NET development assistance:
+* [[OWASP O2 Platform]]
+* [https://www.owasp.org/index.php/Category:OWASP_WebGoat.NET WebGOAT.NET]
+== Ideas ==
+Please send your ideas to the OWASP.Net mailing list (owasp-dotnet@lists.owasp.org)
 =Project Tracker=
 ==Timeline==
-* November 2014 Four completed articles, six in process.
+* January 2016 - Added the Two Factor Authentication component
-* September 2014 AppSec USA
+* January 2015 - Three more completed articles, and four in progress
-* March 2014 Project Roadmap
+* November 2014 - Four completed articles, six in process.
-* February 2014 Project Reboot
+* September 2014 - AppSec USA
+* March 2014 - Project Roadmap
+* February - 2014 Project Reboot
 * May 2009 - Updated tabs, added content recommended by Andre Gironda
 * March 2009 - Converted to new tab format, added Project Tracker tab
@@ Line 162: / Line 230: @@
 * Mohammed Al-Taweel
 * Daniel Brzozowski
+* Lachlan Barclay
 * Bill Sempf
 * Barry Dorrans (Microsoft)
@@ Line 168: / Line 237: @@
 We need more help. Please join the low volume mailing list at [https://lists.owasp.org/mailman/listinfo/owasp-dotnet this address] to get project announcements.
-= Road Map and Getting Involved =
-==What we're doing==
-The themes of the .NET Project include:
-* Deep, rich guidance for .NET developers in using the security features of .NET
-* Guidance for use of OWASP components that are designed for use with .NET
-* Information about working with and on OWASP tools built using .NET
-==Roadmap==
-The [[OWASP .Net Project Roadmap]] has the latest guidance for the project's future. As with all Wiki documents, it is a work in progress.
-We need help, especially with content creation and identifying OWASP projects that are .NET related. If you would like to get involved, please join the [https://lists.owasp.org/mailman/listinfo/owasp-dotnet mailing list] and introduce yourself, or email [https://www.owasp.org/index.php/User:Bill_Sempf Bill Sempf]
+=Project About=
+{{Template:Project About
+| project_name =OWASP .NET Project
+| project_description = The .NET Project is principally about creating deep, rich guidance for NET developers using the Microsoft .NET Framework's security resources.of language specific pages, projects and documents.
+| project_license =CC-BY 3.0 for documentation and GPLv3 for code.
+| project_home_page =
+| leader_name1 = Bill Sempf
+| leader_email1 =
+| leader_username1 = Bill_Sempf
+| contributor_name1 =
+| contributor_email1 =
+| contributor_username1 =
+| mailing_list_name = owasp-dotnet
+}}
 __NOTOC__ <headertabs />
-[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]] [[Category:Technology]]
+[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]] [[Category:Technology]] [[Category:Language]]