[Owasp-dotnet] RE: Owasp-dotnet digest, Vol 1 #121 - 1 msg
Carlos Bittencourt
braziland at gmail.com
Mon Dec 20 08:59:38 EST 2004
Hi,
the first thing I can see is that the downloads all have the same name
(the name of the project you're downloading from). Every time you
download something it doesn't have an extension, just the name of the
project.
I only had time to test the .Text project (which I'm going to be
setting up soon on my website), so I'm not sure if that problem was
that the files were named poorly that way or if this is an actual
"flaw". It should be a simple fix in the way the headers are being
passed for the download.
Thanks,
Carlos
On Mon, 20 Dec 2004 09:44:02 +0000, Dinis Cruz <dinis at ddplus.net> wrote:
> Hello Delmar
>
> We are trying to develop such a Module here at Owasp-DotNet.
>
> Kerem Kusmezer (keremkusmezer at superonline.com) is currently leading this
> development and he needs some support and help (I also hope that this
> week I will be able to start contributing to this project.)
>
> I think that there is a great need in the market for such HttpModule
> since it is a great way to deal with the problem. That was something
> that was on my plans for quite a while and I was very happy when Kerem
> appeared in the picture (about 1 month ago) with his beta version. So
> please all members, go to http://workspaces.gotdotnet.com/defapp, test
> it and contribute.
>
> Kerem needs help.
>
> If we get this right we could create one of the best Asp.Net Intrusion
> Detection and Prevention tools out there.
>
> Dinis
>
> Delmar Stewart wrote:
>
> >Mark,
> >
> >Thank you for keeping me on your list to date. I am a Director of SW
> >Development for a small company and find great value in reading the email
> >publications that are sent by the group. I hope that you will keep me on
> >your future list, even though I am not a real contributor (due to time
> >constraints).
> >
> >We are beefing up our Code Security and Risk Management practices and in the
> >future if I become aware of anything that we could add we will.
> >
> >We are currently undergoing Penetration tests and Security based code
> >reviews for several applications. We have been told of a HTTP Module in
> >.NET that would filter out SQL injections and XSS hacks, but have not been
> >able to find such a thing. We are familiar with HTTP Modules, we just have
> >not seen one that we could use for analyzing text in the request object
> >other than the query string. We even called in a Microsoft trouble ticket
> >and they say we are the first to ask for this.
> >
> >Are you aware of a HTTP Module that has been built to filter all HTTP
> >requests for hack attacks?
> >
> >
> >Thank you,
> >
> >Delmar Stewart
> >
> >
> >-----Original Message-----
> >From: owasp-dotnet-admin at lists.sourceforge.net
> >[mailto:owasp-dotnet-admin at lists.sourceforge.net] On Behalf Of
> >owasp-dotnet-request at lists.sourceforge.net
> >Sent: Saturday, December 18, 2004 11:15 PM
> >To: owasp-dotnet at lists.sourceforge.net
> >Subject: Owasp-dotnet digest, Vol 1 #121 - 1 msg
> >
> >Today's Topics:
> >
> > 1. Possible OWASP - Tomoye and .NET Security Lib (Mark Curphey)
> >
> >--__--__--
> >
> >Message: 1
> >From: "Mark Curphey" <mark at curphey.com>
> >To: <owasp-dotnet at lists.sourceforge.net>
> >Date: Sat, 18 Dec 2004 18:20:23 -0500
> >Subject: [Owasp-dotnet] Possible OWASP - Tomoye and .NET Security Lib
> >
> >Hi People
> >
> >I know a few people were interested in building some portal code and looking
> >at DNN and others but realistically with people's busy schedules and given
> >the current pressure of OWASP really suffering without a decent community
> >site we are looking at using www.tomoye.com (which is incidentally written
> >in .NET) in the near future.
> >
> >On another note a few people have written to me asking if we have any useful
> >security libraries written in .NET similar to the OWASP Common Library in
> >Java. My answer is always no, but it seemed to me this is a great
> >opportunity to build one. It will be easy for people to submit small
> >snippets of code that can be refactored. If you haven't contacted me within
> >two weeks with an offer of code we will clean this list out as it seems to
> >be full of lurkers (shame on you). OWASP has kinda faltered for the last
> >year, it's time to kick it back into action.
> >
> >So if anyone wants to post useful security related code to this list that is
> >ideally and license copyright free (must be able to be open sourced), I
> >will maintain a copy, refactor it and maintain a CVS tree. If not you can
> >read the archives ;-)
> >
> >You can look at http://www.spidynamics.com/collateral/SecureOBJ.pdf for
> >inspiration or better still http://cvs.sourceforge.net/viewcvs.py/owasp/ocl/
> >
> >Anyone want to offer to grapple with VS.Net and make an add-in ;-)
> >
> >Mark
> >
> >
> >
> >
> >
> >--__--__--
> >
> >_______________________________________________
> >Owasp-dotnet mailing list
> >Owasp-dotnet at lists.sourceforge.net
> >https://lists.sourceforge.net/lists/listinfo/owasp-dotnet
> >
> >
> >End of Owasp-dotnet Digest
>
--
"Actually, any computer can do that... it's up to the user to know how."