Category:OWASP Securing WebGoat using ModSecurity Project
Revision as of 04:50, 14 July 2008 by Stephen Evans (First entry to start project wiki)
|Project Name||OWASP Securing WebGoat using ModSecurity Project|
|Short Project Description||The purpose of this project is to create custom Modsecurity rulesets that, in addition to the Core Set, will protect WebGoat 5.1 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. To ensure that it will be a complete 'no touch' on WebGoat and its environment, ModSecurity will be configured on Apache server as a remote proxy server. For those vulnerabilities that cannot be prevented (partially or not at all), I will document my efforts in attempting to protect them. Business logic vulnerabilities will be particularly challenging to solve.|
|Project key Information||Project Leader
Stephen Craig Evans
Creative Commons Attribution Share Alike 3.0
OWASP SoC 08
|Release Status||Main Links||Related Projects|
Welcome to the OWASP Securing WebGoat using ModSecurity Project
The purpose of the OWASP Securing WebGoat using ModSecurity Project is to use ModSecurity 2.5 to protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%).
This category currently contains no pages or media.