This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Appendix D: Additional important stuff
This Appendix will get updated when necessary and major updates will be noted in the News section of the main project page at https://www.owasp.org/index.php/Category:OWASP_Securing_WebGoat_using_ModSecurity_Project
This wiki in a Word doc
This zipped Word doc (3.1 meg) is a snapshot of the wiki on 28 November 2008 and might be easier to reference than navigating around on the wiki.
File:OWASP ModSecurity Securing WebGoat wiki 28Nov2008.zip
This version, starting on page 9, is in landscape mode which some might find irritating to read. A new version, all in portrait mode, will be uploaded within a week (as of 31 Dec 2008); for now, change to portrait mode within Word (File -> Page Setup -> Portrait) if you want to.
Other material
This zip file (1.4 meg) is a short version and long version of ppt prezos that I gave at the OWASP EU Summit in Portugal on November 3-7, 2008. If somebody can figure out how to stop stupid Powerpoint from automatically inserting the damned bullets, please email me at stephencraig_dot_evans_at_gmail_dot_com or subscribe to the project mailing list at https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity and post a message there.
File:OWASP EU Summit 2008 ModSec on WebGoat.zip
Fixes/enhancements
This section contains fixes and/or enhancements to the rulesets (time permitting).
- Fix for 'rulefile_10_improper-error-handling.conf' (13 Dec 2008):
Their wasn't enough filtering so this rule was being invoked in other situations where it shouldn't have been. Change the first line below and add the 2nd one immediately after like this:
SecRule ARGS:menu "!@eq 1100" "t:none,pass,skip:2" SecRule &ARGS:Username "@eq 0" "t:none,pass,skip:1"
