Saturday, March 7, 2009

Hi everyone, I'm putting a call out for any .NET security content to add the OWASP .NET project site. What is everyone's current .NET Security concern or challenge? Is it a matter of sorting through resources or lack thereof, lack of tooling, communication to stakeholders? I've seen increased activity in client concerns, not sure if the economy has people more security conscious or what, but I would be interested in your observations.

I have a few items that I've been tracking:

ASP.NET MVC Security - Securing Controller Actions

Silverlight Security - Security Guidance for Writing and Deploying Silverlight Applications

I'm interested in assurance of security controls and real world testing of these platforms. If anyone has related information or has other topics of interest, let me know.

I've been heads down on a few projects and hope to contribute some primary research to the project soon. Specifically, I'm doing some Sharepoint security reviews and best practice checklists that may be of interest to this group. Office Small Business Live is also on my radar as it is Sharepoint and allows for developers to create business applications in .NET, but lives in the "cloud". What concerns do we have for cloud computing?

On a formatting note, I will also be tabifying the .NET project page, like OWASP ESAPI. I expect to see a lot of the OWASP primary project pages adopt the tabification.