This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Project Information:template Securing WebGoat using ModSecurity"

From OWASP
Jump to: navigation, search
 
(One intermediate revision by one other user not shown)
Line 9: Line 9:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:Stephen Evans|'''Stephen Evans''']]
+
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:Stephen Evans|'''Stephen Craig Evans''']]
 
  | style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)
 
  | style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)
 
  | style="width:10%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity '''Subscribe here''']<br>[mailto:Owasp-WebGoat-using-ModSecurity(at)lists.owasp.org '''Use here''']
 
  | style="width:10%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity '''Subscribe here''']<br>[mailto:Owasp-WebGoat-using-ModSecurity(at)lists.owasp.org '''Use here''']
Line 31: Line 31:
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
 
[[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
 
[[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
|}
 
 
 
 
 
{| style="width:100%" border="0" align="center"
 
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''
 
|-
 
| style="width:100%; background:#cccccc" align="center"|
 
* [[:OWASP Securing WebGoat using ModSecurity Project|Main project page]]
 
* [[:OWASP ModSecurity Securing WebGoat Section4 Sublesson 04.2|Section 4, Mitigating the WebGoat lessons]]
 
* [https://www.owasp.org/index.php/Appendix_D:_Additional_important_stuff Project wiki available as Word doc]
 
*(If appropriate, links to be added)
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''RELATED PROJECTS'''
 
|-
 
| style="width:100%; background:#cccccc" align="center"|
 
[[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''SPONSORS & GUIDELINES'''
 
|-
 
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
 
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications#Securing WebGoat using ModSecurity|'''Sponsored Project/Guidelines/Roadmap''']]
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
 
|-
 
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
 
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>(applicable for Alpha Quality & further)
 
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>(applicable for Alpha Quality & further)
 
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>(applicable for Beta Quality & further)
 
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(applicable just for Release Quality)
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
 
| style="width:22%; background:#C2C2C2" align="center"|X
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta Quality'''<br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta Quality'''<br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta Quality''' <br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
 
| style="width:22%; background:#C2C2C2" align="center"|X
 
|-
 
|}
 
 
 
 
 
 
 
 
 
 
 
 
 
 
{| style="width:100%" border="0" align="center"
 
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
 
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Securing WebGoat using ModSecurity Project'''
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
 
| colspan="6" style="width:85%; background:#cccccc" align="left"|The purpose of this project is to create custom Modsecurity rulesets that, in addition to the Core Set, will protect WebGoat 5.1 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. To ensure that it will be a complete 'no touch' on WebGoat and its environment, ModSecurity will be configured on Apache server as a remote proxy server. For those vulnerabilities that cannot be prevented (partially or not at all), I will document my efforts in attempting to protect them. Business logic vulnerabilities will be particularly challenging to solve.
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
 
| style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:stephencraig.evans(at)gmail.com '''Stephen Evans''']
 
| style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
 
| style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity '''Mailing List/Subscribe''']<br>[mailto:Owasp-WebGoat-using-ModSecurity(at)lists.owasp.org '''Mailing List/Use''']
 
| style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:[email protected] '''Ivan Ristic &<br>Breach Group''']
 
| style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:christian.folini(at)netnea.com '''Christian Folini''']
 
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>'''X'''
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''
 
|-
 
| style="width:100%; background:#cccccc" align="center"|
 
* [[:OWASP Securing WebGoat using ModSecurity Project|Main project page]]
 
* [[:OWASP ModSecurity Securing WebGoat Section4 Sublesson 04.2|Section 4, Mitigating the WebGoat lessons]]
 
* [https://www.owasp.org/index.php/Appendix_D:_Additional_important_stuff Project wiki available as Word doc]
 
*(If appropriate, links to be added)
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''RELATED PROJECTS'''
 
|-
 
| style="width:100%; background:#cccccc" align="center"|
 
[[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''SPONSORS & GUIDELINES'''
 
|-
 
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
 
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications#Securing WebGoat using ModSecurity|'''Sponsored Project/Guidelines/Roadmap''']]
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
 
|-
 
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
 
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>(applicable for Alpha Quality & further)
 
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>(applicable for Alpha Quality & further)
 
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>(applicable for Beta Quality & further)
 
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(applicable just for Release Quality)
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
 
| style="width:22%; background:#C2C2C2" align="center"|X
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta Quality'''<br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta Quality'''<br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta Quality''' <br>---------<br>[[Project Information:template Securing WebGoat using ModSecurity - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
 
| style="width:22%; background:#C2C2C2" align="center"|X
 
|-
 
 
  |}
 
  |}

Latest revision as of 10:24, 3 February 2009

PROJECT IDENTIFICATION
Project Name OWASP Securing WebGoat using ModSecurity Project
Short Project Description The purpose of this project is to create custom Modsecurity rulesets that, in addition to the Core Set, will protect WebGoat 5.1 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. To ensure that it will be a complete 'no touch' on WebGoat and its environment, ModSecurity will be configured on Apache server as a remote proxy server. For those vulnerabilities that cannot be prevented (partially or not at all), I will document my efforts in attempting to protect them. Business logic vulnerabilities will be particularly challenging to solve.
Project key Information Project Leader
Stephen Craig Evans 		Project Contributors
(if applicable) 		Mailing List
Subscribe here
Use here 		License
Creative Commons Attribution Share Alike 3.0 		Project Type
Documentation 		Sponsors
OWASP SoC 08
Release Status Main Links Related Projects

Beta Quality
Please see here for complete information.

OWASP WebGoat Project

Retrieved from "https://wiki.owasp.org/index.php?title=Project_Information:template_Securing_WebGoat_using_ModSecurity&oldid=52865"