[Owasp-leaders] NuGet and OWASP Top10 2013 A9
dinis.cruz at owasp.org
Mon Jun 17 08:51:05 UTC 2013
Absolutely, this type of NuGet package security mapping is something that
is really needed, and I really worry about the lack of security info that is
available for NuGet packages.
Btw, we should move the https://github.com/eoftedal/SafeNuGet into the
OWASP GitHub repo, just like we did for https://github.com/OWASP/WebGoat.NET
(I added an issue about it <https://github.com/eoftedal/SafeNuGet/issues/7>)
Also, have you seen my posts on NuGet? Namely how I downloaded the entire
NuGet database? (which we could use to create the mappings to add to the
- Offline copy of the entire NuGet.org gallery. What should I do with
these 4.05 Gbs of amazing .Net
- Consuming NuGet programmatically outside VisualStudio (downloading the
list of packages) <http://blog.diniscruz.com/2013/05/consuming-nuget-programmatically.html>
- Retrieving NuGet package programmatically using NuGet.exe classes (not
- Saving the entire list of NuGet
- Downloading the entire NuGet package
On 17 June 2013 09:00, Erlend Oftedal <Erlend.Oftedal at bekk.no> wrote:
> I recently published a tool to warn about the use of insecure NuGet
> libraries (in the .NET world).
> You can find the info at: http://erlend.oftedal.no/blog/?blogid=138
> If successful, maybe it could be a new OWASP project.
> Best regards
> Erlend Oftedal
> OWASP Norway Chapter lead