Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit The OWASP Foundation OWASP EU Summit Portugal - November OWASP.NET Mark Roxberry OWASP.NET Project Lead

OWASP Summit – Portugal – November Agenda  What and Why OWASP.NET?  OWASP.NET Season of Code 2008  Project Tracking  Resources & Guides  Active Projects  Research Projects  Help Wanted!

OWASP Summit – Portugal – November 2008 What is OWASP.NET and Why? What is OWASP.NET?  A collaborative hub for documentation, tools and research for.NET web security  An objective source of security information  A project with broad vision and scope for all aspects of.NET security Why OWASP.NET?  We need to trust, but verify source code and security resources for.NET.  Our Motivation is not profit, but knowledge (not that profit is a bad thing)

OWASP Summit – Portugal – November 2008 OWASP.NET Project Season Of Code 2008  I volunteered to take up the mantle and reorganize the OWASP.NET Project and assume a caretaker role.  My goals for the SoC 2008 project are to:  Logically redesign the OWASP.NET Project Wiki, Recategorization  Reach out to the.NET security community for contributions  Raise awareness of OWASP.NET

OWASP Summit – Portugal – November 2008 OWASP.NET Project Contents  Project Tracker  Resources  Advisories, Articles and Projects  Online References  Books and Publications  Tools  Blogs & People  Security Guides  Architects  Developers  IT Pros  Testers  Incident Response  Active Projects (Tools, Reference Applications, Workspaces)  Research Projects (Documentation, Vulnerability Research)

OWASP Summit – Portugal – November 2008 Project Tracking  Started at the end of the SoC 2008, moderated.NET security resources  ASP.NET Security Forum  MSDN Security Developer  Silverlight Security Forums  Mono Forums  ALT.NET User Groups

OWASP Summit – Portugal – November 2008 Security Guides Guides  Architect.NET Application Lifecycle Identity and Trust Concerns Design Review & Checklists  Developer Secure Development Lifecycle.NET Secure Coding Development Checklists  IT Professionals Secure Server Maintenance and Configuration Auditing, Instrumentation and Diagnostics Deployment Scenarios  Penetration Testing Planning, Attack and Reporting Ethical hacking  Incident Response Incident Response Plan Evidence Handling Recovery and Continuity

OWASP Summit – Portugal – November 2008 Resources  OWASP Wiki Content.NET ESAPI Full Trust ASP.NET Security Vulnerabilities Mono vs. Medium Trust  Recommended Resources Threat Modeling Guidance Patterns and Practices Web Service Specifications

OWASP Summit – Portugal – November 2008 Active Projects  OWASP Site Generator  OWASP Report Generator  OWASP ESAPI.NET  ASP.NET Reflector .NET CSRF Guard  HACME .NETMON  Validator.NET

OWASP Summit – Portugal – November 2008 Research Projects So much to do, so little time. We have ongoing research in many areas of.NET:  ASP.NET Membership  Mono  WCF  Silverlight  Linq  Sharepoint  Community Server ...

OWASP Summit – Portugal – November 2008 Help Wanted  OWASP.NET Project 2009  OWASP.NET Project is ongoing  Recruit your friends, peers or mentors  PRIMARY Research!!!  Silverlight  Sharepoint  ADO.NET Data Services  ASP.NET Application Services  OWASP.NET Secure ALM Guide  ALT.NET, Mono,.NET in the wild  Your idea here!