OWASP Autumn of Code 2006 - Projects: Owasp .Net Tools

Revision as of 13:36, 13 October 2006 by Boris (talk | contribs) (Problem to be Addressed)


AoC Candidate: Boris

Project Coordinator: Dinis Cruz

Project Progress: xx% Complete - Progress Page

Background and Motivation

History Behind Project

Problem to be Addressed

The number of Web sites and applications is growing rapidly, as is the number of platforms. Microsoft's Web platform is known for its high level of developer productivity, ease of setup and administration, and great integration with other, often very widespread, Microsoft products. The Microsoft Web platform may therefore be very attractive to individuals and various types of organizations. However, there are still many doubts about how secure it is. Many of these doubts are not backed by specific, measurable data and tests but rest instead on historical (but not necessarily outdated) data and "word of mouth" evidence. Determining how secure an application running on Microsoft's Web platform is usually requires a lot of time and resources. There aren't many tools that make testing the security aspects of Microsoft's Web platform easier. Even fewer are publicly available.

Another problem is that, due to the user-friendly nature of the tools provided in Microsoft's products, administering Web sites and applications may seem easier than it sometimes is. These tasks are often delegated to people (sometimes not even professional IT administrators) who are not aware of the numerous security-related problems that may occur. As a result, many deployed Web sites and applications are insecure.

Benefit to OWASP Members and Community

The deliverables of this project will (hopefully) help OWASP members and the community:

  • be aware of vulnerabilities and risks involved with their applications before releasing them to the general public
  • determine if their applications are deployed in a less than optimal security environment
  • ease patch/hotfix management of their OS/Web server software
  • perhaps even make decisions about the technology stack(s) used

Goals and Deliverables

Plan of Approach


Risks and Rewards

Main Risks

Rewards of Successful Project