This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP .NET Recommended Resources"
From OWASP
(→Blogs & People) |
(Added Resources) |
||
| (28 intermediate revisions by 5 users not shown) | |||
| Line 10: | Line 10: | ||
==OWASP .NET Recommended Resources== | ==OWASP .NET Recommended Resources== | ||
| + | This is a canonical list of outside resources for .NET developers seeking security information. | ||
| − | === | + | ===Blogs & People=== |
| + | |||
| + | [http://securitybuddha.com/ Mark Curphrey's Blog] | ||
| + | |||
| + | [http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog] | ||
| + | |||
| + | [http://blogs.msdn.com/jmeier/archive/tags/Security/default.aspx J.D. Meier's Blog] | ||
| + | |||
| + | [http://www.leastprivilege.com Dominick Baier's Blog] | ||
| − | + | [http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog] | |
| − | + | [http://blogs.msdn.com/ace_team/ Microsoft's ACE Team] | |
| − | + | [http://www.troyhunt.com/ Troy Hunt's Blog] | |
| − | + | [https://www.preemptive.com/blog App Protection Blog] | |
| − | ===Articles & Projects=== | + | ===Advisories, Articles & Projects=== |
| + | |||
| + | [http://msdn.microsoft.com/en-us/library/ee658105.aspx Security and Operational Guidance for .NET Applications] | ||
[http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture] | [http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture] | ||
| + | |||
| + | [http://msdn.microsoft.com/en-us/library/ms998404.aspx patterns & practices Security Engineering Index] | ||
| + | |||
| + | [http://msdn.microsoft.com/en-us/library/ms998408.aspx patterns & practices Security Guidance for Applications Index] | ||
| + | |||
| + | [http://msdn.microsoft.com/en-us/library/ms954725.aspx patterns & practices Security Guidance for .NET Framework 2.0] | ||
| + | |||
| + | [http://msdn.microsoft.com/en-us/library/Ee817643(pandp.10).aspx Authentication in ASP.NET: .NET Security Guidance] | ||
[http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering] | [http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering] | ||
| Line 31: | Line 50: | ||
[http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications] | [http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications] | ||
| − | [http:// | + | [http://wcfsecurityguide.codeplex.com/ Security Guidance for Windows Communication Foundation] |
| + | |||
| + | [http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)] | ||
| − | [ | + | [https://www.microsoft.com/en-us/sdl Security Development Lifecycle] |
| − | + | ===Online References, Training=== | |
| − | [http:// | + | [http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices] |
| − | [http://msdn.microsoft.com/en-us/ | + | [http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center] |
| − | [http:// | + | [http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources] |
| − | + | [http://pluralsight.com/training/Courses#security Pluralsight Security Course Catalog] | |
| − | [http:// | + | [http://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html OWASP Top 10 for .NET developers - Troy Hunt] |
| − | [http:// | + | [http://www.teammentor.net/teamMentor TeamMentor] |
| − | [ | + | [https://docs.microsoft.com/en-us/dotnet/standard/security/ Security in the .NET Framework] |
===Books and Publications=== | ===Books and Publications=== | ||
| Line 62: | Line 83: | ||
[http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom | [http://msdn.microsoft.com/en-gb/security/aa473878.aspx Developer Highway Code], Microsoft Corp, United Kingdom | ||
| + | |||
| + | [http://securitydriven.net/ Security Driven .NET], Stan Drapkin | ||
===Tools=== | ===Tools=== | ||
| − | [http:// | + | [http://blogs.msdn.com/b/sdl/archive/2014/04/15/introducing-microsoft-threat-modeling-tool-2014.aspx Microsoft Threat Modeling Tool 2014] |
| − | + | [http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting] | |
| − | [http:// | + | [http://learn.iis.net/page.aspx/473/using-urlscan URLScan] |
| − | [http:// | + | [http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer] |
| − | [http:// | + | [http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection] |
| − | |||
| − | |||
| − | [ | + | [https://docs.microsoft.com/en-us/visualstudio/ide/dotfuscator/ Visual Studio .NET Obfuscator] |
Latest revision as of 12:39, 11 May 2018
| OWASP .NET Quick Reference |
|---|
OWASP .NET Recommended Resources
This is a canonical list of outside resources for .NET developers seeking security information.
Blogs & People
Advisories, Articles & Projects
Security and Operational Guidance for .NET Applications
patterns & practices Security Engineering Index
patterns & practices Security Guidance for Applications Index
patterns & practices Security Guidance for .NET Framework 2.0
Authentication in ASP.NET: .NET Security Guidance
Security Guidance for Windows Communication Foundation
Microsoft Security Advisory (954462) (SQL Injection Advisory)
Security Development Lifecycle
Online References, Training
MSDN Security Developer Center
Pluralsight Security Course Catalog
OWASP Top 10 for .NET developers - Troy Hunt
Security in the .NET Framework
Books and Publications
Writing Secure Code, Michael Howard and David LeBlanc
Microsoft Security Development Lifecycle 3.2
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication, J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy
Improving Web Application Security: Threats and Countermeasures, J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan
Developer Highway Code, Microsoft Corp, United Kingdom
Security Driven .NET, Stan Drapkin
Tools
Microsoft Threat Modeling Tool 2014
Microsoft Source Code Analyzer
