[OWASP-TESTING] ENC: Asp.Net Security Analyser

Cuthbert, Daniel Daniel.Cuthbert at KPMG.co.uk
Mon Oct 13 06:08:03 EDT 2003


Weird, there is also a good paper on ASP.net security vulnerabilities.
I was looking high and low for stuff like this last week and didn't find anything juicy

good paper and even nicer tool



-----Original Message-----
From: Mads Rasmussen [mailto:mads at opencs.com.br]
Sent: 10 October 2003 18:49
To: owasp-testing at lists.sourceforge.net
Subject: [OWASP-TESTING] ENC: Asp.Net Security Analyser



Have you seen this?

Regards,

Mads

-----Original Message-----
From: Windows NTBugtraq Mailing List
[mailto:NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM] On Behalf Of Dinis Cruz
Sent: Thursday, 9 October 2003 13:19
To: NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM
Subject: Asp.Net Security Analyser

Hello, we have just released the first stable version of our new Open
Source Project: the Asp.Net Security Analyser (ANSA)

Asp.Net Security Analyser (ANSA) is an Open Source, Windows based, online
tool, that tests the server's security for known vulnerabilities and
mis-configurations. The tool was initially designed to allow the
protection of ISPs that provide shared hosting services. You can
download the source code, use it in your servers and distribute it to
whoever you feel appropriate.

The project's objective is to create an Open Source tool that allows
system administrators (responsible for windows based shared hosting
environments) to easily identify and solve existent security problems.

The current version is focused on identifying security vulnerabilities
such as: remote command execution, poor website isolation (i.e. the user
from website 'A' can see the data from website 'B'), disclosure of
sensitive information (such as usernames/passwords, running processes,
installed services), ability to do a server based port scan, etc.

Eventually the tool should evolve to an "Asp.Net Security Configuration
Tool" where it will also allow the SysAdmins to securely configure their
servers.

This project is currently hosted in a Workspace in GotDotNet
(www.gotdotnet.com) and this is the direct link to the project:

http://www.gotdotnet.com/Community/Workspaces/Workspace.aspx?id=36ae9a2c-8740-4b52-924e-320edf64fba5

(if this link doesn't work please visit this page
http://www.gotdotnet.com/community/workspaces/directory.aspx and search
for 'ANSA')

Thanks for your time, and don't hesitate to contact me if you require
any further help.

Dinis Cruz
.NET Security Consultant
DDPlus (www.ddplus.net)

