[Owasp-leaders] NuGet and OWASP Top10 2013 A9

Jason Johnson jason.johnson at owasp.org
Thu Jul 25 05:06:19 UTC 2013


I have an FTP server that you can stick them on. Is it the entire NuGet repo?
On Jul 23, 2013, at 12:13 PM, Dinis Cruz wrote:

> Sure, where do you want me to upload the files to?
> 
> I have 4Gbs of NuGet files sitting on my hard-disk
> 
> It would be great to have them somewhere on the interweb:
> 
> - for download
> - extracted and put inside a git repo
> 
> Dinis
> 
> 
> Dinis Cruz
> 
> Blog: http://diniscruz.blogspot.com
> Twitter: http://twitter.com/DinisCruz
> Web: http://www.owasp.org/index.php/O2
> 
> 
> On 17 June 2013 16:10, Jason Johnson <jason.johnson at owasp.org> wrote:
> Can I please help with this? Are you planning on building a repo? Forgive me for not reading your posts, but this is big. I am willing to help you any way I can if you need server space or anything.
> 
> Jason
> 
> On Jun 17, 2013 9:37 AM, "Jason Johnson" <jason.johnson at owasp.org> wrote:
> I'm interested in this also. I think it's a big deal if we use bad packages.
> 
> On Jun 17, 2013 9:30 AM, "Erlend Oftedal" <Erlend.Oftedal at bekk.no> wrote:
> Great stuff, Dinis. I'll move it over to the OWASP repo.
> 
> Erlend
> 
> Sent from my phone
> From: Dinis Cruz
> Sent: 17.06.2013 10:52
> To: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] NuGet and OWASP Top10 2013 A9
> 
> Absolutely, this type of NuGet packages security mapping is something that is really needed, and I really worry about lack of security info that is available for NuGet packages.
> 
> Btw, we should move the https://github.com/eoftedal/SafeNuGet into the OWASP GitHub repo, just like we did for https://github.com/OWASP/WebGoat.NET  (I added an issue about it)
> 
> Also, have you seen my posts on NuGet? Namely how I downloaded the entire NuGet database? (which we could use to create the mappings to add to the SafeNuGet database):
> 
> - Offline copy of the entire NuGet.org gallery. What should I do with these 4.05 Gbs of amazing .Net Apps/APIs?
> - Consuming NuGet programmatically outside VisualStudio (downloading the list of packages)
> - Retrieving NuGet package programatically using NuGet.exe classes (not command line)
> - Saving the entire list of NuGet Packages
> - Downloading the entire NuGet package database
> 
> Dinis Cruz
> 
> 
> Dinis Cruz
> 
> Blog: http://diniscruz.blogspot.com
> Twitter: http://twitter.com/DinisCruz
> Web: http://www.owasp.org/index.php/O2
> 
> 
> On 17 June 2013 09:00, Erlend Oftedal <Erlend.Oftedal at bekk.no> wrote:
> Hi
> 
> I recently published a tool to warn about the use of insecure NuGet libraries (in the .NET world).
> You can find the info at: http://erlend.oftedal.no/blog/?blogid=138
> 
> If successful, maybe it could be a new OWASP project.
> 
> Best regards
> Erlend Oftedal
> OWASP Norway Chapter lead
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> 

Jason Johnson
Chapter Leader
OWASP Oklahoma City
jason.johnson at owasp.org


