[Owasp-dotnet] I need a co-writer/gost-writer/co-author...

Dinis Cruz dinis at ddplus.net
Sat Oct 15 16:06:06 EDT 2005 

Helo Jefferey

 Thanks for your offer, which I am happy to accept.

 I had a quick look at your IIS resources site and it looks quite good. I did notice that the Owasp-dotnet tools were not there (probably my fault). What is the process to put them  there  ?

 Regarding the articles, I would like your help in writing one or more articles covering:

     - The fact that (by default) IIS 6.0 Metabase ACLs give Read Privileges to the IIS_WPG group (which mean that any Full Trust Asp.Net script is able to read all details from all hosted websites (including the anonymous passwords))
     - The fact that the ONLY real benefits in security in IIS 6.0 when compared with IIS 5.0 is better external security (i.e. attacks from external malicious users). 
     - The fact that IIS 6.0 is NOT able to sustain (i.e. survive) and attack from a malicious Full Trust Asp.Net script executed in one of it's application pools
     - The fact that Full Trust Asp.Net running in IIS 6.0 is Insecure by Default, by Design and in Deployment.

 I have the material to back these claims, and have lots of notes, but don't have the time to make them into final articles. We are just about to set-up a Wiki in www.owasp.net so we could do it over there

 Best regards

 Dinis Cruz
 Owasp-dotNet

----------------------------------------
From: "Jeffrey C. Tindillier" <webmaster at iis-resources.com>
Sent: 15 October 2005 15:40
To: dinis at ddplus.co.uk
Subject: Re: [Owasp-dotnet] I need a co-writer/gost-writer/co-author... 

 Dinis -

 We run the largest IIS Support hub out side of Microsoft & have had almost 2 million page views this year.   We would be interested in helping and also possibly hosting some of the articles related to IIS / .NET.  Please let me know what your thoughts are on this.  

 Best regards
 -- 
Jeffrey C. Tindillier, CIW
Microsoft MVP - IIS

President & CEO - IIS Resources, Inc. 
--------------------------------------
http://www.iis-resources.com  

 Dinis Cruz wrote: I need a co-writer/gost-writer/co-author to transform my posts into blogs and articles (some of them will be paid)

 I just don't have the time to do it at the moment

 Is anybody out there interrested?

 Dinis


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-dotnet/attachments/20051015/9a401437/attachment.html

More information about the Owasp-dotnet mailing list