Copyright © 2008 - The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/
The OWASP Foundation
OWASP EU Summit
Portugal - November 2008
http://www.owasp.org/
OWASP .NET
Mark Roxberry
OWASP .NET Project Lead
OWASP Summit – Portugal – November 2008 2
Agenda
What and Why OWASP .NET?
OWASP .NET Season of Code 2008
Project Tracking
Resources & Guides
Active Projects
Research Projects
Help Wanted!
What is OWASP .NET and Why?
What is OWASP .NET?
  A collaborative hub for documentation, tools and research for .NET web security
  An objective source of security information
  A project with broad vision and scope for all aspects of .NET security
Why OWASP .NET?
  We need to trust, but verify source code and security resources for .NET.
  Our motivation is not profit, but knowledge (not that profit is a bad thing)
OWASP .NET Project Season Of Code 2008
I volunteered to take up the mantle and reorganize the OWASP .NET Project and assume a caretaker role.
My goals for the SoC 2008 project are to:
  Logically redesign the OWASP .NET Project Wiki, Recategorization
  Reach out to the .NET security community for contributions
  Raise awareness of OWASP .NET
OWASP .NET Project Contents
Project Tracker
Resources
  Advisories, Articles and Projects
  Online References
  Books and Publications
  Tools
  Blogs & People
Security Guides
  Architects
  Developers
  IT Pros
  Testers
  Incident Response
Active Projects (Tools, Reference Applications, Workspaces)
Research Projects (Documentation, Vulnerability Research)
Project Tracking
Started at the end of the SoC 2008, moderated .NET security resources
  ASP.NET Security Forum
  MSDN Security Developer
  Silverlight Security Forums
  Mono Forums
  ALT.NET User Groups
Security Guides
Guides
Architect
  .NET Application Lifecycle
  Identity and Trust Concerns
  Design Review & Checklists
Developer
  Secure Development Lifecycle
  .NET Secure Coding
  Development Checklists
IT Professionals
  Secure Server Maintenance and Configuration
  Auditing, Instrumentation and Diagnostics
  Deployment Scenarios
Penetration Testing
  Planning, Attack and Reporting
  Ethical hacking
Incident Response
  Incident Response Plan
  Evidence Handling
  Recovery and Continuity
Resources
OWASP Wiki Content
  .NET ESAPI
  Full Trust ASP.NET Security Vulnerabilities
  Mono vs. Medium Trust
Recommended Resources
  Threat Modeling Guidance
  Patterns and Practices
  Web Service Specifications
Active Projects
OWASP Site Generator
OWASP Report Generator
OWASP ESAPI .NET
ASP.NET Reflector
.NET CSRF Guard
HACME .NETMONValidator.NET
Research Projects
So much to do, so little time. We have ongoing research in many areas of .NET:
ASP.NET Membership Mono WCF Silverlight Linq Sharepoint Community Server ...
Help Wanted
OWASP .NET Project 2009
OWASP .NET Project is ongoing
Recruit your friends, peers or mentors
PRIMARY Research!!!
Silverlight Sharepoint ADO.NET Data Services ASP.NET Application Services
OWASP .NET Secure ALM Guide
ALT.NET, Mono, .NET in the wild
Your idea here!