[Owasp-leaders] NuGet and OWASP Top10 2013 A9

Jason Johnson jason.johnson at owasp.org
Mon Jun 17 14:37:00 UTC 2013


I'm interested in this also. I think it's a big deal if we use bad packages.
On Jun 17, 2013 9:30 AM, "Erlend Oftedal" <Erlend.Oftedal at bekk.no> wrote:

>  Great stuff, Dinis. I'll move it over to the OWASP repo.
>
> Erlend
>
> Sent from my phone
>  ------------------------------
> From: Dinis Cruz <dinis.cruz at owasp.org>
> Sent: 17.06.2013 10:52
> To: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] NuGet and OWASP Top10 2013 A9
>
>  Absolutely, this type of NuGet packages security mapping is something
> that is really needed, and I really worry about lack of security info that
> is available for NuGet packages.
>
>  Btw, we should move the https://github.com/eoftedal/SafeNuGet into the
> OWASP GitHub repo, just like we did for
> https://github.com/OWASP/WebGoat.NET (I added an issue about it
> <https://github.com/eoftedal/SafeNuGet/issues/7>)
>
>  Also, have you seen my posts on NuGet? Namely how I downloaded the
> entire NuGet database? (which we could use to create the mappings to add to
> the SafeNuGet database):
>
>    - Offline copy of the entire NuGet.org gallery. What should I do with
>    these 4.05 Gbs of amazing .Net Apps/APIs?<http://blog.diniscruz.com/2013/05/offline-copy-of-entire-nugetorg-gallery.html>
>    - Consuming NuGet programmatically outside VisualStudio (downloading
>    the list of packages)<http://blog.diniscruz.com/2013/05/consuming-nuget-programmatically.html>
>    - Retrieving NuGet package programatically using NuGet.exe classes
>    (not command line)<http://blog.diniscruz.com/2013/05/retrieving-nuget-package.html>
>    - Saving the entire list of NuGet Packages<http://blog.diniscruz.com/2013/05/saving-entire-list-of-nuget-packages.html>
>    - Downloading the entire NuGet package database<http://blog.diniscruz.com/2013/05/downloading-entire-nuget-package.html>
>
>
> Dinis Cruz
>
>
> Blog: http://diniscruz.blogspot.com
> Twitter: http://twitter.com/DinisCruz
> Web: http://www.owasp.org/index.php/O2
>
>
> On 17 June 2013 09:00, Erlend Oftedal <Erlend.Oftedal at bekk.no> wrote:
>
>>   Hi
>>
>>  I recently published a tool to warn about the use of insecure NuGet
>> libraries (in the .NET world).
>> You can find the info at: http://erlend.oftedal.no/blog/?blogid=138
>>
>>  If successful, maybe it could be a new OWASP project.
>>
>>  Best regards
>>  Erlend Oftedal
>> OWASP Norway Chapter lead
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>