This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Project Information:template Securing WebGoat using ModSecurity"
From OWASP
| Line 9: | Line 9: | ||
|- | |- | ||
| style="width:15%; background:#7B8ABD" align="center"|'''Project key Information''' | | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information''' | ||
| − | | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[ | + | | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:Stephen Evans|'''Stephen Evans''']] |
| style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if applicable) | | style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if applicable) | ||
| style="width:10%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity '''Subscribe here''']<br>[mailto:Owasp-WebGoat-using-ModSecurity(at)lists.owasp.org '''Use here'''] | | style="width:10%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity '''Subscribe here''']<br>[mailto:Owasp-WebGoat-using-ModSecurity(at)lists.owasp.org '''Use here'''] | ||
Revision as of 17:50, 23 January 2009
| PROJECT IDENTIFICATION | |||||||
|---|---|---|---|---|---|---|---|
| Project Name | OWASP Securing WebGoat using ModSecurity Project | ||||||
| Short Project Description | The purpose of this project is to create custom Modsecurity rulesets that, in addition to the Core Set, will protect WebGoat 5.1 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. To ensure that it will be a complete 'no touch' on WebGoat and its environment, ModSecurity will be configured on Apache server as a remote proxy server. For those vulnerabilities that cannot be prevented (partially or not at all), I will document my efforts in attempting to protect them. Business logic vulnerabilities will be particularly challenging to solve. | ||||||
| Project key Information | Project Leader Stephen Evans |
Project Contributors (if applicable) |
Mailing List Subscribe here Use here |
License Creative Commons Attribution Share Alike 3.0 |
Project Type Documentation |
Sponsors OWASP SoC 08 | |
| Release Status | Main Links | Related Projects |
|---|---|---|
|
| PROJECT MAIN LINKS | |||||
|---|---|---|---|---|---|
| |||||
| RELATED PROJECTS | |||||
|---|---|---|---|---|---|
| SPONSORS & GUIDELINES | |||||
|---|---|---|---|---|---|
| Sponsor - OWASP Summer of Code 2008 | Sponsored Project/Guidelines/Roadmap | ||||
| ASSESSMENT AND REVIEW PROCESS | ||||
|---|---|---|---|---|
| Review/Reviewer | Author's Self Evaluation (applicable for Alpha Quality & further) |
First Reviewer (applicable for Alpha Quality & further) |
Second Reviewer (applicable for Beta Quality & further) |
OWASP Board Member (applicable just for Release Quality) |
| 50% Review | Objectives & Deliveries reached? Yes --------- See&Edit:50% Review/Self-Evaluation (A) |
Objectives & Deliveries reached? Yes --------- See&Edit: 50% Review/1st Reviewer (C) |
Objectives & Deliveries reached? Yes --------- See&Edit: 50%Review/2nd Reviewer (E) |
X |
| Final Review | Objectives & Deliveries reached? Yes --------- Which status has been reached? Beta Quality --------- See&Edit: Final Review/SelfEvaluation (B) |
Objectives & Deliveries reached? Yes --------- Which status has been reached? Beta Quality --------- See&Edit: Final Review/1st Reviewer (D) |
Objectives & Deliveries reached? Yes --------- Which status has been reached? Beta Quality --------- See&Edit: Final Review/2nd Reviewer (F) |
X |
| PROJECT IDENTIFICATION | ||||||
|---|---|---|---|---|---|---|
| Project Name | OWASP Securing WebGoat using ModSecurity Project | |||||
| Short Project Description | The purpose of this project is to create custom Modsecurity rulesets that, in addition to the Core Set, will protect WebGoat 5.1 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. To ensure that it will be a complete 'no touch' on WebGoat and its environment, ModSecurity will be configured on Apache server as a remote proxy server. For those vulnerabilities that cannot be prevented (partially or not at all), I will document my efforts in attempting to protect them. Business logic vulnerabilities will be particularly challenging to solve. | |||||
| Email Contacts | Project Leader Stephen Evans |
Project Contributors (if applicable) Name&Email |
Mailing List/Subscribe Mailing List/Use |
First Reviewer Ivan Ristic & Breach Group |
Second Reviewer Christian Folini |
OWASP Board Member X |
| PROJECT MAIN LINKS | |||||
|---|---|---|---|---|---|
| |||||
| RELATED PROJECTS | |||||
|---|---|---|---|---|---|
| SPONSORS & GUIDELINES | |||||
|---|---|---|---|---|---|
| Sponsor - OWASP Summer of Code 2008 | Sponsored Project/Guidelines/Roadmap | ||||
| ASSESSMENT AND REVIEW PROCESS | ||||
|---|---|---|---|---|
| Review/Reviewer | Author's Self Evaluation (applicable for Alpha Quality & further) |
First Reviewer (applicable for Alpha Quality & further) |
Second Reviewer (applicable for Beta Quality & further) |
OWASP Board Member (applicable just for Release Quality) |
| 50% Review | Objectives & Deliveries reached? Yes --------- See&Edit:50% Review/Self-Evaluation (A) |
Objectives & Deliveries reached? Yes --------- See&Edit: 50% Review/1st Reviewer (C) |
Objectives & Deliveries reached? Yes --------- See&Edit: 50%Review/2nd Reviewer (E) |
X |
| Final Review | Objectives & Deliveries reached? Yes --------- Which status has been reached? Beta Quality --------- See&Edit: Final Review/SelfEvaluation (B) |
Objectives & Deliveries reached? Yes --------- Which status has been reached? Beta Quality --------- See&Edit: Final Review/1st Reviewer (D) |
Objectives & Deliveries reached? Yes --------- Which status has been reached? Beta Quality --------- See&Edit: Final Review/2nd Reviewer (F) |
X |
