Difference between revisions of "OWASP Securing WebGoat using ModSecurity Project"
(→Appendix A: The WebGoat lesson plans and solutions) |
(add appendix B) |
| Line 1: | Line 1: | ||
| − | == [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_1_Introduction Introduction] == | + | === [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_1_Introduction Introduction] === |
1.1 Background | 1.1 Background | ||
| Line 11: | Line 11: | ||
1.5 Contributors | 1.5 Contributors | ||
| − | == [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_2_WebGoat WebGoat] == | + | === [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_2_WebGoat WebGoat] === |
2.1 Overview | 2.1 Overview | ||
| Line 21: | Line 21: | ||
2.4 Overview of lesson results | 2.4 Overview of lesson results | ||
| − | == [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_3_ModSecurity_WebGoat_at_50_percent ModSecurity protecting WebGoat at 50%] == | + | === [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_3_ModSecurity_WebGoat_at_50_percent ModSecurity protecting WebGoat at 50%] === |
3.1 Project Setup and Environment | 3.1 Project Setup and Environment | ||
| Line 37: | Line 37: | ||
3.3.4 Informational and debug messages | 3.3.4 Informational and debug messages | ||
| − | == [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_4_Mitigating_the_WebGoat_Lessons Mitigating the WebGoat lessons] == | + | === [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_4_Mitigating_the_WebGoat_Lessons Mitigating the WebGoat lessons] === |
4.1 Project metrics | 4.1 Project metrics | ||
| Line 49: | Line 49: | ||
4.5 The mitigating solutions | 4.5 The mitigating solutions | ||
| − | == [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Appendix_A_WebGoat_Lesson_Plans_and_Solutions Appendix A: WebGoat lesson plans and solutions] == | + | === [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Appendix_A_WebGoat_Lesson_Plans_and_Solutions Appendix A: WebGoat lesson plans and solutions] === |
| + | |||
| + | === [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Appendix_B_Project_Solution_Files Appendix B: Project solution files] === | ||
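Review bot: The new Appendix B heading is added at level 3 (===) and every existing section heading in these hunks is demoted from == to === to match, so the page's top-level sections now start at level 3. Unless a level 2 heading sits above them outside the visible hunks, keep the existing headings at == and add Appendix B as == as well. The edit summary says only "add appendix B", so if the demotion is intended it should be mentioned there too.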
Revision as of 05:28, 25 July 2008
Introduction
1.1 Background
1.2 Purpose
1.3 Talks and deliverables
1.4 Future development and long-term vision
1.5 Contributors
WebGoat
2.1 Overview
2.2 How it works
2.3 Lesson Table Of Contents
2.4 Overview of lesson results
ModSecurity protecting WebGoat at 50%
3.1 Project Setup and Environment
3.2 Doing the WebGoat lessons - tips and tricks
3.3 Project organization
3.3.1 ModSecurity rules
3.3.2 SecDirData directory
3.3.3 Error pages
3.3.4 Informational and debug messages
Mitigating the WebGoat lessons
4.1 Project metrics
4.2 Overall strategy
4.3 Using the Lua scripting language
4.4 Structure of mitigating a lesson
4.5 The mitigating solutions