Difference between revisions of "OWASP Securing WebGoat using ModSecurity Project"
(→[http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_4_Mitigating_the_WebGoat_Lessons Mitigating the WebGoat lessons]) |
(→[http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_3_ModSecurity_WebGoat_at_50_percent ModSecurity protecting WebGoat]) |
| Line 27: | Line 27: | ||
3.2 Doing the WebGoat lessons - tips and tricks | 3.2 Doing the WebGoat lessons - tips and tricks | ||
| − | 3.3 | + | 3.3 Testing ModSecurity rules - tips and tricks |
| − | 3. | + | 3.4 Project organization |
| − | 3. | + | 3.4.1 ModSecurity rules |
| − | 3. | + | 3.4.2 SecDirData directory |
| − | 3.3.4 Informational and debug messages | + | 3.4.3 Error pages |
| + | |||
| + | 3.4.4 Informational and debug messages | ||
=== [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_4_Mitigating_the_WebGoat_Lessons Mitigating the WebGoat lessons] === | === [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_4_Mitigating_the_WebGoat_Lessons Mitigating the WebGoat lessons] === | ||
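Review bot: the section numbers on the added side (3.3 Testing ModSecurity rules - tips and tricks, 3.4 Project organization, 3.4.1 to 3.4.4) are typed into the outline as literal text, so moving "Informational and debug messages" from 3.3.4 to 3.4.4 is only correct if the headings on the linked Section 3 page were renumbered to match. Check that page against this outline before relying on the new numbers. The empty added row between 3.4.3 Error pages and 3.4.4 can be dropped unless the wiki list rendering needs it.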
Revision as of 08:55, 21 October 2008
Contents
Introduction
1.1 Background
1.2 Purpose
1.3 Tasks and deliverables
1.4 Future development and long-term vision
1.5 Contributors
WebGoat
2.1 Overview
2.2 How it works
2.3 Lesson Table Of Contents
2.4 Overview of lesson results
ModSecurity protecting WebGoat
3.1 Project Setup and Environment
3.2 Doing the WebGoat lessons - tips and tricks
3.3 Testing ModSecurity rules - tips and tricks
3.4 Project organization
3.4.1 ModSecurity rules
3.4.2 SecDirData directory
3.4.3 Error pages
3.4.4 Informational and debug messages
Mitigating the WebGoat lessons
4.1 Project metrics at 50% completion
4.2 Project metrics at 100% completion
4.3 Sublessons that do not count or were not solved (and why)
4.4 Overall strategy
4.5 Reviewer comments
4.6 Using the Lua scripting language
4.7 Using Javascript 'prepend' and 'append'
4.8 Structure of mitigating a lesson
4.9 The mitigating solutions