Difference between revisions of "OWASP Securing WebGoat using ModSecurity Project"
(minor edit; 8 intermediate revisions by the same user not shown)

Line 7 (old revision) / Line 7 (new revision):
  1.3 Tasks and deliverables
− 1.4
+ 1.4 Project member comments at 100%
− 1.5 Contributors
+ 1.5 Future development and long-term vision
+ 1.6 Contributors
  === [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_2_WebGoat WebGoat] ===

Line 47 (old revision) / Line 49 (new revision):
  4.3 Sublessons that do not count or were not solved (and why)
− 4.4 Overall strategy
+ 4.4 Unfinished business
+ 4.4.1 Concurrent file access
+ 4.4.2 Lua security in ModSecurity
+ 4.5 Overall strategy
− 4.
+ 4.6 Reviewer comments
− 4.
+ 4.7 Using the Lua scripting language
− 4.
+ 4.8 Using Javascript 'prepend' and 'append'
− 4.
+ 4.9 Structure of mitigating a lesson
− 4.
+ 4.10 The mitigating solutions
  === [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Appendix_A_WebGoat_Lesson_Plans_and_Solutions Appendix A: WebGoat lesson plans and solutions] ===

Line 64 (old revision) / Line 72 (new revision):
  === [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Appendix_C_Building_Lua Appendix C: Building the Lua library and standalone executable] ===
+ === [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Appendix_D_Additional_Important_Stuff Appendix D: Additional important stuff (e.g. wiki in Word doc, fixes)] ===
+ D.1 This wiki in a Word doc
+ D.2 Other material
+ D.3 Fixes/enhancements
Latest revision as of 10:50, 31 December 2008
- 1 Introduction
  - 1.1 Background
  - 1.2 Purpose
  - 1.3 Tasks and deliverables
  - 1.4 Project member comments at 100%
  - 1.5 Future development and long-term vision
  - 1.6 Contributors
- 2 WebGoat
  - 2.1 Overview
  - 2.2 How it works
  - 2.3 Lesson Table Of Contents
  - 2.4 Overview of lesson results
- 3 ModSecurity protecting WebGoat
  - 3.1 Project Setup and Environment
  - 3.2 Doing the WebGoat lessons - tips and tricks
  - 3.3 Testing ModSecurity rules - tips and tricks
  - 3.4 Project organization
    - 3.4.1 ModSecurity rules
    - 3.4.2 SecDirData directory
    - 3.4.3 Error pages
    - 3.4.4 Informational and debug messages
- 4 Mitigating the WebGoat lessons
  - 4.1 Project metrics at 50% completion
  - 4.2 Project metrics at 100% completion
  - 4.3 Sublessons that do not count or were not solved (and why)
  - 4.4 Unfinished business
    - 4.4.1 Concurrent file access
    - 4.4.2 Lua security in ModSecurity
  - 4.5 Overall strategy
  - 4.6 Reviewer comments
  - 4.7 Using the Lua scripting language
  - 4.8 Using Javascript 'prepend' and 'append'
  - 4.9 Structure of mitigating a lesson
  - 4.10 The mitigating solutions
- 5 Appendix A: WebGoat lesson plans and solutions
- 6 Appendix B: Project solution files
- 7 Appendix C: Building the Lua library and standalone executable
- 8 Appendix D: Additional important stuff (e.g. wiki in Word doc, fixes)
  - D.1 This wiki in a Word doc
  - D.2 Other material
  - D.3 Fixes/enhancements