OWASP Securing WebGoat using ModSecurity Project

From OWASP

Revision as of 08:55, 21 October 2008 by Stephen Evans (talk | contribs) (→‎[http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_3_ModSecurity_WebGoat_at_50_percent ModSecurity protecting WebGoat])

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Contents

1 Introduction
2 WebGoat
3 ModSecurity protecting WebGoat
4 Mitigating the WebGoat lessons
5 Appendix A: WebGoat lesson plans and solutions
6 Appendix B: Project solution files

Introduction

1.1 Background

1.2 Purpose

1.3 Tasks and deliverables

1.4 Future development and long-term vision

1.5 Contributors

WebGoat

2.1 Overview

2.2 How it works

2.3 Lesson Table Of Contents

2.4 Overview of lesson results

ModSecurity protecting WebGoat

3.1 Project Setup and Environment

3.2 Doing the WebGoat lessons - tips and tricks

3.3 Testing ModSecurity rules - tips and tricks

3.4 Project organization

3.4.1 ModSecurity rules

3.4.2 SecDirData directory

3.4.3 Error pages

3.4.4 Informational and debug messages

Mitigating the WebGoat lessons

4.1 Project metrics at 50% completion

4.2 Project metrics at 100% completion

4.3 Sublessons that do not count or were not solved (and why)

4.4 Overall strategy

4.5 Reviewer comments

4.6 Using the Lua scripting language

4.7 Using Javascript 'prepend' and 'append'

4.8 Structure of mitigating a lesson

4.9 The mitigating solutions

Appendix A: WebGoat lesson plans and solutions

Appendix B: Project solution files

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Securing_WebGoat_using_ModSecurity_Project&oldid=44224"