This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Securing WebGoat using ModSecurity Project"

From OWASP
Jump to: navigation, search
([http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_4_Mitigating_the_WebGoat_Lessons Mitigating the WebGoat lessons])
([http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_4_Mitigating_the_WebGoat_Lessons Mitigating the WebGoat lessons])
Line 55: Line 55:
 
4.4.2 Lua security in ModSecurity
 
4.4.2 Lua security in ModSecurity
  
4.4 Overall strategy
+
4.5 Overall strategy
  
4.5 Reviewer comments
+
4.6 Reviewer comments
  
4.6 Using the Lua scripting language
+
4.7 Using the Lua scripting language
  
4.7 Using Javascript 'prepend' and 'append'
+
4.8 Using Javascript 'prepend' and 'append'
  
4.8 Structure of mitigating a lesson
+
4.9 Structure of mitigating a lesson
  
4.9 The mitigating solutions
+
4.10 The mitigating solutions
  
 
=== [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Appendix_A_WebGoat_Lesson_Plans_and_Solutions Appendix A: WebGoat lesson plans and solutions] ===
 
=== [http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Appendix_A_WebGoat_Lesson_Plans_and_Solutions Appendix A: WebGoat lesson plans and solutions] ===

Revision as of 09:42, 16 November 2008

Introduction

1.1 Background

1.2 Purpose

1.3 Tasks and deliverables

1.4 Project member comments at 100%

1.5 Future development and long-term vision

1.6 Contributors

WebGoat

2.1 Overview

2.2 How it works

2.3 Lesson Table Of Contents

2.4 Overview of lesson results

ModSecurity protecting WebGoat

3.1 Project Setup and Environment

3.2 Doing the WebGoat lessons - tips and tricks

3.3 Testing ModSecurity rules - tips and tricks

3.4 Project organization

3.4.1 ModSecurity rules

3.4.2 SecDirData directory

3.4.3 Error pages

3.4.4 Informational and debug messages

Mitigating the WebGoat lessons

4.1 Project metrics at 50% completion

4.2 Project metrics at 100% completion

4.3 Sublessons that do not count or were not solved (and why)

4.4 Unfinished business

4.4.1 Concurrent file access

4.4.2 Lua security in ModSecurity

4.5 Overall strategy

4.6 Reviewer comments

4.7 Using the Lua scripting language

4.8 Using Javascript 'prepend' and 'append'

4.9 Structure of mitigating a lesson

4.10 The mitigating solutions

Appendix A: WebGoat lesson plans and solutions

Appendix B: Project solution files

Appendix C: Building the Lua library and standalone executable