The purpose of this site is twofold:
Raise awareness of web application security mechanisms
Many of the security mechanisms demonstrated on this site are very easy to employ, yet they give a significant boost to the security of a website. HTTP security headers are a prime example. Still, various reports indicate that mechanisms such as the HTTP security headers are not widely used on sites around the Internet. By demonstrating the merits of web application security mechanisms and making those demos easily available, we can hopefully increase awareness outside the application security community.
Demonstrate the NWebsec library
The NWebsec library aims to make it as easy as possible to enable web application security mechanisms in ASP.NET applications. To avoid having security mechanisms hardcoded around a web application, NWebsec lets you control them through configuration. If you're developing an MVC application, NWebsec also lets you do the same through filter attributes.
See the NWebsec project on Codeplex to learn more. There you'll also find links to the NuGet packages.
Comments and feedback
If you have a suggestion for improving this site or find a bug, please get in touch. One option is Twitter, which increases the likelihood of a prompt response. If your feedback cannot be represented in 140 characters, you are also welcome to get in touch by electronic mail: nwebsec (at) nwebsec (dot) com.
Who's running this?
This site is maintained by André N. Klingsheim, who also happens to be the guy developing the NWebsec ASP.NET security library.
You can find him on Twitter: @klingsen. You can find his recent ramblings where (string.Length() > 140) on his blog: www.dotnetnoob.com.
You might also want to check out his other project: TransformTool, which lets you easily apply a series of encoding operations to a given input.