Project Information:template Securing WebGoat using ModSecurity - 50 Review - Self Evaluation - A
| 50% REVIEW PROCESS | |
|---|---|
| Project Deliveries & Objectives | OWASP Securing WebGoat using ModSecurity Project's Deliveries & Objectives |
| QUESTIONS | ANSWERS |
| 1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please exemplify by writing down those that haven't been realised. | The main goal of solving 50% of the WebGoat vulnerabilities has been achieved. The final goal is 90%; 25 out of a possible 47 to 50 lessons (subject to interpretation) were solved. See "Section 1: Tasks & Deliverables" at http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_1_Introduction, and "Section 4: Project metrics" at http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_4_Mitigating_the_WebGoat_Lessons. |
| 2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage. | I would guess that 70-75% of the effort needed to complete the project has been done. Everything was new to me: WebGoat (and I was using a beta version), ModSecurity, wikis; and researching and learning more about the classes and types of vulnerabilities have taken quite a bit of effort. As an 8-week veteran of ModSecurity, knowing now how WebGoat works and researching the remaining WebGoat vulnerabilities, I believe that solving the rest of the WebGoat lessons (90% or more) will be much easier. |
| 3. What kind of help is required either from the Reviewers or from the OWASP Community? | I have already received excellent feedback and guidance from Ryan Barnett. Of course, more feedback, criticism, and comments from the other reviewers are welcome. |