[Owasp-leaders] NuGet and OWASP Top10 2013 A9

Erlend Oftedal Erlend.Oftedal at BEKK.no
Mon Jun 17 14:29:37 UTC 2013

Great stuff, Dinis. I'll move it over to the OWASP repo.


Sent from my phone
From: Dinis Cruz <dinis.cruz at owasp.org>
Sent: 17.06.2013 10:52
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] NuGet and OWASP Top10 2013 A9

Absolutely, this type of NuGet package security mapping is something that is really needed, and I really worry about the lack of security info that is available for NuGet packages.

Btw, we should move https://github.com/eoftedal/SafeNuGet into the OWASP GitHub repo, just like we did for https://github.com/OWASP/WebGoat.NET (I added an issue about it: https://github.com/eoftedal/SafeNuGet/issues/7)

Also, have you seen my posts on NuGet? Namely how I downloaded the entire NuGet database? (which we could use to create the mappings to add to the SafeNuGet database):

  *   Offline copy of the entire NuGet.org gallery. What should I do with these 4.05 Gbs of amazing .Net Apps/APIs?<http://blog.diniscruz.com/2013/05/offline-copy-of-entire-nugetorg-gallery.html>
  *   Consuming NuGet programmatically outside VisualStudio (downloading the list of packages)<http://blog.diniscruz.com/2013/05/consuming-nuget-programmatically.html>
  *   Retrieving NuGet package programatically using NuGet.exe classes (not command line)<http://blog.diniscruz.com/2013/05/retrieving-nuget-package.html>
  *   Saving the entire list of NuGet Packages<http://blog.diniscruz.com/2013/05/saving-entire-list-of-nuget-packages.html>
  *   Downloading the entire NuGet package database<http://blog.diniscruz.com/2013/05/downloading-entire-nuget-package.html>

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2

On 17 June 2013 09:00, Erlend Oftedal <Erlend.Oftedal at bekk.no> wrote:

I recently published a tool to warn about the use of insecure NuGet libraries (in the .NET world).
You can find the info at: http://erlend.oftedal.no/blog/?blogid=138

If successful, maybe it could be a new OWASP project.

Best regards
Erlend Oftedal
OWASP Norway Chapter lead
