Difference between revisions of "SpoC 007 - OWASP WebGoat Solutions Guide"
Line 4: | Line 4: | ||
'''AoC Candidate''': Erwin Geirnaert | '''AoC Candidate''': Erwin Geirnaert | ||
− | '''Project coordinator''': | + | '''Project coordinator''': Jeff Williams |
'''Project Progress''': 90% Complete, [[SpoC 007 - OWASP WebGoat Solutions Guide - Progress Page|Progress Page]] | '''Project Progress''': 90% Complete, [[SpoC 007 - OWASP WebGoat Solutions Guide - Progress Page|Progress Page]] |
Revision as of 20:42, 27 August 2007
AoC Candidate: Erwin Geirnaert
Project coordinator: Jeff Williams
Project Progress: 90% Complete, Progress Page
Erwin Geirnaert - OWASP WebGoat Solutions Guide
Executive Summary
WebGoat is used by a lot of people to learn about web application security and the different vulnerabilities. But it takes a lot of time to grasp how tools like WebScarab work and how to use them effectively in WebGoat. I propose to create a walkthrough of the lessons in WebGoat so that people can learn from the solutions, without spoiling the fun.
Objectives and Deliverables
The WebGoat Solutions Guide is a document that can be bundled with WebGoat. Each lesson contains a detailed solution with screenshots and tools. I created a PDF with the solution for WebGoat 4.0 but this is too big to load (15 MB) and is not very practical.
After a discussion with Bruce about this, we think that the solutions should be made like the existing Lessons Plan so it is easier to maintain and update when a lesson changes. This means that there will be a documentation folder and an individual solution for each lesson.
Why I should be sponsored for the project
I have more than 10 years of experience in Java and J2EE, and in the last 6 years I have tested and broken a lot of web applications. I have also given some very successful J2EE security courses and web security courses. I have spoken at different conferences about application security in Europe, and I am responsible for the security track at Javapolis, one of the biggest Java conferences in Europe. I am the co-founder of ZION SECURITY, where we do security testing, code review, design reviews, training, ... I'm also a member of the OWASP Belgium board that started in March 2007.