.NET Security Unit Tests
A web application that contains several unit tests for the purpose of .NET security
The purpose of this web app is to test the following vulnerabilities in .NET (click to view their respective code):
- XML External Enitity (XXE) Injection
- A summary of these tests can be found in the OWASP XXE Prevention Cheat Sheet
- NHibernate Query Language (HQL) Injection
- XPath Query Language Injection
- XQuery Query Language Injection
The code can be analyzed by static code tools or deployed as a web application and analyzed via dynamic tools. The underlying C# code can also be used as examples for how to make .NET code safe/unsafe. You can also find detailed comments in the code with each test explaining why it is safe/unsafe.
Please see the INSTRUCTIONS.txt file for information on deploying the web app, as well as instructions for running all the tests programmatically.
(Note: you will need Visual Studio installed)
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.