
OWASP .NET

Mark Roxberry OWASP .NET Project Lead. OWASP .NET. Agenda. What and Why OWASP .NET? OWASP .NET Season of Code 2008 Project Tracking Resources & Guides Active Projects Research Projects Help Wanted!. What is OWASP .NET and Why?. What is OWASP .NET?


Presentation Transcript


  1. OWASP .NET
     Mark Roxberry, OWASP .NET Project Lead

  2. Agenda
     • What and Why OWASP .NET?
     • OWASP .NET Season of Code 2008
     • Project Tracking
     • Resources & Guides
     • Active Projects
     • Research Projects
     • Help Wanted!

  3. What is OWASP .NET and Why?
     What is OWASP .NET?
     • A collaborative hub for documentation, tools and research for .NET web security
     • An objective source of security information
     • A project with broad vision and scope for all aspects of .NET security
     Why OWASP .NET?
     • We need to trust, but verify source code and security resources for .NET.
     • Our motivation is not profit, but knowledge (not that profit is a bad thing)

  4. OWASP .NET Project Season Of Code 2008
     • I volunteered to take up the mantle and reorganize the OWASP .NET Project and assume a caretaker role.
     • My goals for the SoC 2008 project are to:
     • Logically redesign the OWASP .NET Project Wiki, Recategorization
     • Reach out to the .NET security community for contributions
     • Raise awareness of OWASP .NET

  5. OWASP .NET Project Contents
     • Project Tracker
     • Resources
     • Advisories, Articles and Projects
     • Online References
     • Books and Publications
     • Tools
     • Blogs & People
     • Security Guides
     • Architects
     • Developers
     • IT Pros
     • Testers
     • Incident Response
     • Active Projects (Tools, Reference Applications, Workspaces)
     • Research Projects (Documentation, Vulnerability Research)

  6. Project Tracking
     • Started at the end of the SoC 2008, moderated .NET security resources
     • ASP.NET Security Forum
     • MSDN Security Developer
     • Silverlight Security Forums
     • Mono Forums
     • ALT.NET User Groups

  7. Security Guides
     • Architect: .NET Application Lifecycle; Identity and Trust Concerns; Design Review & Checklists
     • Developer: Secure Development Lifecycle; .NET Secure Coding; Development Checklists
     • IT Professionals: Secure Server Maintenance and Configuration; Auditing, Instrumentation and Diagnostics; Deployment Scenarios
     • Penetration Testing: Planning, Attack and Reporting; Ethical hacking
     • Incident Response: Incident Response Plan; Evidence Handling; Recovery and Continuity

  8. Resources
     • OWASP Wiki Content .NET ESAPI Full Trust ASP.NET Security Vulnerabilities Mono vs. Medium Trust
     • Recommended Resources Threat Modeling Guidance Patterns and Practices Web Service Specifications

  9. Active Projects
     • OWASP Site Generator
     • OWASP Report Generator
     • OWASP ESAPI .NET
     • ASP.NET Reflector
     • .NET CSRF Guard
     • HACME
     • .NETMON
     • Validator.NET

  10. Research Projects
     So much to do, so little time. We have ongoing research in many areas of .NET:
     • ASP.NET Membership
     • Mono
     • WCF
     • Silverlight
     • LINQ
     • SharePoint
     • Community Server
     • ...

  11. Help Wanted
     • OWASP .NET Project 2009
     • OWASP .NET Project is ongoing
     • Recruit your friends, peers or mentors
     • PRIMARY Research!!!
     • Silverlight
     • SharePoint
     • ADO.NET Data Services
     • ASP.NET Application Services
     • OWASP .NET Secure ALM Guide
     • ALT.NET, Mono, .NET in the wild
     • Your idea here!
