Difference between revisions of "OWASP Securing WebGoat using ModSecurity Project"
From OWASP
m (→Appendix A: The WebGoat solutions (borrowed from the OWASP WebGoat project)) |
m (changed TOC) |
||
| Line 48: | Line 48: | ||
4.5 The mitigating solutions | 4.5 The mitigating solutions | ||
| − | |||
| − | |||
| − | |||
| − | |||
==Appendix A: The WebGoat lesson plans and solutions== | ==Appendix A: The WebGoat lesson plans and solutions== | ||
Revision as of 01:45, 24 July 2008
Contents
Introduction
1.1 Background
1.2 Purpose
1.3 Talks and deliverables
1.4 Future development and long-term vision
1.5 Contributors
WebGoat
2.1 Overview
2.2 How it works
2.3 Lesson Table Of Contents
2.4 Overview of lesson results
ModSecurity protecting WebGoat at 50%
3.1 Project Setup and Environment
3.2 Doing the WebGoat lessons - tips and tricks
3.3 Project organization
3.3.1 ModSecurity rules
3.3.2 SecDirData directory
3.3.3 Error pages
3.3.4 Informational and debug messages
Mitigating the WebGoat lessons
4.1 Project metrics
4.2 Overall strategy
4.3 Using the Lua scripting language
4.4 Structure of mitigating a lesson
4.5 The mitigating solutions
