[Owasp-leaders] NuGet and OWASP Top10 2013 A9

Dinis Cruz dinis.cruz at owasp.org
Tue Jul 23 17:13:44 UTC 2013


Sure, where do you want me to upload the files to?

I have 4Gbs of NuGet files sitting on my hard-disk

It would be great to have them somewhere on the interweb:

- for download
- extracted and put inside a git repo

Dinis


Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2


On 17 June 2013 16:10, Jason Johnson <jason.johnson at owasp.org> wrote:

> Can I please help with this? Are you planning on building a repo? Forgive
> me for not reading your posts but this is big. I am willing to help you
> any way I can if you need server space or anything.
>
> Jason
> On Jun 17, 2013 9:37 AM, "Jason Johnson" <jason.johnson at owasp.org> wrote:
>
>> I'm interested in this also. I think it's a big deal if we use bad packages.
>> On Jun 17, 2013 9:30 AM, "Erlend Oftedal" <Erlend.Oftedal at bekk.no> wrote:
>>
>>>  Great stuff, Dinis. I'll move it over to the OWASP repo.
>>>
>>> Erlend
>>>
>>> Sent from my phone
>>>  ------------------------------
>>> From: Dinis Cruz <dinis.cruz at owasp.org>
>>> Sent: 17.06.2013 10:52
>>> To: owasp-leaders at lists.owasp.org
>>> Subject: Re: [Owasp-leaders] NuGet and OWASP Top10 2013 A9
>>>
>>>  Absolutely, this type of NuGet package security mapping is something
>>> that is really needed, and I really worry about the lack of security info
>>> that is available for NuGet packages.
>>>
>>>  Btw, we should move the https://github.com/eoftedal/SafeNuGet into the
>>> OWASP GitHub repo, just like we did for
>>> https://github.com/OWASP/WebGoat.NET (I added an issue about it
>>> <https://github.com/eoftedal/SafeNuGet/issues/7>)
>>>
>>>  Also, have you seen my posts on NuGet? Namely how I downloaded the
>>> entire NuGet database? (which we could use to create the mappings to add to
>>> the SafeNuGet database):
>>>
>>>    - Offline copy of the entire NuGet.org gallery. What should I do
>>>    with these 4.05 Gbs of amazing .Net Apps/APIs?<http://blog.diniscruz.com/2013/05/offline-copy-of-entire-nugetorg-gallery.html>
>>>    - Consuming NuGet programmatically outside VisualStudio (downloading
>>>    the list of packages)<http://blog.diniscruz.com/2013/05/consuming-nuget-programmatically.html>
>>>    - Retrieving NuGet package programatically using NuGet.exe classes
>>>    (not command line)<http://blog.diniscruz.com/2013/05/retrieving-nuget-package.html>
>>>    - Saving the entire list of NuGet Packages<http://blog.diniscruz.com/2013/05/saving-entire-list-of-nuget-packages.html>
>>>    - Downloading the entire NuGet package database<http://blog.diniscruz.com/2013/05/downloading-entire-nuget-package.html>
>>>
>>>
>>> Dinis Cruz
>>>
>>> On 17 June 2013 09:00, Erlend Oftedal <Erlend.Oftedal at bekk.no> wrote:
>>>
>>>>   Hi
>>>>
>>>>  I recently published a tool to warn about the use of insecure NuGet
>>>> libraries (in the .NET world).
>>>> You can find the info at: http://erlend.oftedal.no/blog/?blogid=138
>>>>
>>>>  If successful, maybe it could be a new OWASP project.
>>>>
>>>>  Best regards
>>>>  Erlend Oftedal
>>>> OWASP Norway Chapter lead
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders