Thank you for visiting OWASP.org. We recently migrated our community to a new web platform and regretably the content for this page needed to be programmatically ported from its previous wiki page. There’s still some work to be done. The historical content can be found here.

Please visit our Page Migration Guide for more information about updating pages for the new website as well as examples of github markdown.

The OWASP.NET Project is the clearinghouse for all information related to building secure .NET web applications and services. The goal of the project is to provide deep content for all roles related to .NET web applications and services.

The focus of the project is on guidance for developers using the framework, OWASP Components that use .NET, and participation in OWASP projects that use .NET. While the remainder of the pages are completed, here are the current articles:

The .NET Security Cheat Sheet
Exception Handling
ASP.NET Request Validation
ASP.NET Output Encoding
Using Rfc2898DeriveBytes for PBKDF2
Anti CSRF Tokens ASP.NET
Adding two-factor authentication to ASP.NET

We are still migrating the project to Markdown. There is a link to the original page on the homepage, but we are no longer allowed to link to it.