A web application that contains several unit tests for the purpose of .NET security
(Based on the web application I added to a Java console application with similar tests by Dave Wichers)
The purpose of this web app is to test the following vulnerabilities in .NET (click to view their respective code):
- XML External Enitity (XXE) Injection
- A summary of these tests can be found in the OWASP XXE Prevention Cheat Sheet
- NHibernate Query Language (HQL) Injection
- XPath Query Language Injection
- XQuery Query Language Injection
The code can be analyzed by static code tools or deployed as a web application and analyzed via dynamic tools. The underlying C# code can also be used as examples for how to make .NET code safe/unsafe. You can also find detailed comments in the code with each test explaining why it is safe/unsafe.
Please see the INSTRUCTIONS.txt file for information on deploying the web app, as well as instructions for running all the tests programmatically.
(Note: you will need Visual Studio installed)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.