[Owasp-o2-platform] .NET Framework specific items

dinis cruz dinis.cruz at owasp.org
Tue Aug 10 10:24:09 EDT 2010


As part of my mapping of ideas for the OWASP-DotNet project, I started
writing an entry that listed all .NET Framework specific items.

I have not finished (will work on it on the flight to MSP) but please see
below my first draft list (I will add more details about each item , and I'm
sure that there are a couple items missing)



*O2 Innovations on the .NET Platfrom

Since O2 was build on the .NET platform and for a while now O2 has been used
to program O2, there are  numberous new techniques and technologies that
have been developed which really makes a difference when developing .NET
Applicactions websites:

Here is a list of .NET related tools, scripts and capabilities currently
available in the O2 Platform:

- dynamic script environment which allows quick code snipptet creation and
consumption of referenced librabries
 * Intelisense/CodeComplete support
 * ability to add external references (.dll or .exe)
 * ability to add external file references (which will be dynamically
 * use of extension methods (which can be created in minutes) to create very
simple APIs

- Static Analysis engine: MethodStreams
 * from a starting method, create a new file containing all relevant source

- Static Analysis engine: CodeStreams
 * from a MethodStream, calculate unique data-flow paths

- C# and VB.NET AST Creation and manipulation
 * Search AST
 * Rewrite C#->VB & VB-C#
 * View/Search Comments
 * Easily editor ar create (via AST): types, methods, fields, properties)
and create the respective C# or VB.NET code

- CAT.NET Wrapper
  * Batch invoke CAT.NET
  * Convert CAT.NET Findings into O2Findings (where they can be easily
filtered and manipulated)

- the 'Missing Reflection API''
 * powerful API that exposes all power of .NET's reflection via easy to
consume Extension Methods

- Cmd.exe wrapper that allows FULL input and output interoperability
  * input and output redirection with support for special Keys (like CTRL+C)

- .NET ByteCode/Metadata reader and editor

- SunOfStrike API

- Decompile .NET code

- AppDomain hosting and inject controls in target WinForms

- InputSimulator
   * Control mouse and keyboard

- GUIs created and dynamically exectuted
 * powerful API that allows the easy incrementatal creation of GUIs via easy
to consume Extension methods

- XAML editor
 * GUI and APIs to dynamically edit, preview and consume XAML code

- WPF and WinForms integration
 * APIs that Allow the seamless integration and use of WPF in WInForms
windows and WinForm controls in WPF Applications

- XAML based Image editor

- Video Creator (from screenshots)

- Easily consume xml data feeds and create strongly typed objects for

- Easily consume structured data (via a dynamic Parser)

- Browser Automation
 * powerful and simple scripting environment for controling browser actions
and workflows

- Native support for UnitTest Execution environment (nunit)

- Mbgb wrapper and GUI
 * Animate TraceOver, TraceInto, TraceOut
 * Record execution
 * Mass breakpoint creation
 * View details of loaded dlls
 * Callback ability to execute code on breakpoint

- Precompile website

- Decompile compiled ASP.NET dlls

- create copy of GAC Assemblies

- Dynamically create SVG files

- ViewState Decoder

other research areas:

- Dynamic patching (& fixing) assemblies using PostSharp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20100810/fa905cd9/attachment.html 

More information about the Owasp-o2-platform mailing list