Thursday, May 29, 2008

Introduction

  • OWASP.NET story and Who the heck am I?

Where we've been
  • Timely and targeted content and tools
    • .Net and Partial vs. Full trust
    • Rooting The CLR
    • .Net Assembly Analyzer
    • Owasp Report Generator
    • Owasp Site Generator
  • Great work with content and promotion by Dinis and Mike D, very tactical but maybe unreachable by a non-security developer

OWASP .NET SOC 2008 Goals
  • Balance highly technical content, tools with content to help developers get on board quickly.
  • Provide role based content (e.g. Architects, Developers, Ops, Pen Testers)
  • Get the word out. Remind everyone about us.
  • Participate in our consituent communities in OWASP, .NET and Security.
  • Alt.NET. There is great interest in alternative ideas, methodologies and tools. OWASP .NET can leverage this momentum and attract volunteers from this community.

OWASP .NET Long Term Goals

OWASP .NET In Action
  • Mobilize OWASP .NET resources. Project volunteers can consult technology teams and provide great resources.
OWASP .NET Vulnerability Reviews
  • Initiate projects to review community .NET web projects. How do you secure Flexwiki or Community Server? Has anyone pen tested these apps.
OWASP .NET Code Projects
  • Next generation of OWASP projects, like Report Generator and Site Generator.
  • Guidance and Framework that integrates with ESAPI.NET and other providers (E.g. OpenID). Put it in place, and login controls, access control, auditing/logging/instrumentation visualizers are available.
  • Security testing code projects. NUnit and mock objects are useful tools, maybe a security toolset that includes fuzzing objects, common vulnerabilities, injection, FXCop, Owasp objects. SDD - Security Driven Development.

Call to Action

Join the mailing list

Go to the following page http://lists.owasp.org/mailman/listinfo/owasp-dotnet and fill out the section that says is titled "Subscribing to Owasp-dotnet".

Join a project

http://www.owasp.org/index.php/OWASP_.NET_Active_Projects

Submit ideas for research

http://www.owasp.org/index.php/.NET_Project_Wishlist

Funded Summer of Code projects

For example, see SoC 2008: http://www.owasp.org/index.php/OWASP_Summer_0f_Code_2008_:_Selection

Feel free to contact me with any questions

mailto:mark.roxberry@owasp.org

0 comments: