This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Autumn of Code 2006 - Projects: Web Goat"
| (10 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | '''AoC Candidate:''' | + | '''AoC Candidate:''' Sherif |
| − | '''Project Progress:''' | + | '''Project Coordinator:''' Jeff Williams |
| + | |||
| + | '''Project Progress:''' 100% Complete - [[OWASP_Autumn_of_Code_2006_-_Projects:_Web_Goat_-_Progress|Progress Page]] | ||
== Background and Motivation == | == Background and Motivation == | ||
'''History Behind Project''' | '''History Behind Project''' | ||
| − | + | WebGoat is a teaching tool designed to teach web application security lessons. Each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the application. | |
| + | Why the name "WebGoat"? Developers should not feel bad about not knowing security. Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the 'Goat | ||
'''Problem to be Addressed''' | '''Problem to be Addressed''' | ||
| − | + | WebGoat needs to be updated with more lessons. Since there are new attacks that are not covered yet in the current set of lessons like HTTP splitting and AJAX attacks. | |
| + | Also, there are uncompleted lessons which does not make WebGoat look professional enough for OWASP users. Some lesson plans also needs to be written. In addition to that, WebGoat needs to be integrated to SiteGenerator. | ||
'''Benefit to OWASP Members and Community''' | '''Benefit to OWASP Members and Community''' | ||
| − | + | Provide OWASP users with full, complete and professional tool that would teach them most of the web application attacks. The tool can be used as a professional educational tool for security novices. | |
| Line 20: | Line 24: | ||
'''Plan of Approach''' | '''Plan of Approach''' | ||
| + | * Please refer to the [https://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Web_Goat_-_Progress progress] page | ||
'''Deliverables''' | '''Deliverables''' | ||
| − | + | * Source code with new lesson implemented | |
| − | + | * Updated user guide. | |
| + | * Updated lesson plans. | ||
| + | * Integration with SiteGenerator. | ||
== Risks and Rewards == | == Risks and Rewards == | ||
'''Main Risks''' | '''Main Risks''' | ||
| − | + | * Not being able to finish all the new lessons on time. | |
| − | + | * Can not find a suitable implementation for specific lesson. e.g. Buffer overrun. | |
'''Rewards of Successful Project''' | '''Rewards of Successful Project''' | ||
| + | * Working on a unique product like WebGoat. | ||
| + | * Contributing to OWASP project and to OWASP community. | ||
| + | * Providing OWASP users with a full, complete and professional product. | ||
| + | * Financial reward to the project candidate. | ||
Latest revision as of 05:00, 11 January 2007
AoC Candidate: Sherif
Project Coordinator: Jeff Williams
Project Progress: 100% Complete - Progress Page
Background and Motivation
History Behind Project WebGoat is a teaching tool designed to teach web application security lessons. Each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the application. Why the name "WebGoat"? Developers should not feel bad about not knowing security. Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the 'Goat
Problem to be Addressed
WebGoat needs to be updated with more lessons. Since there are new attacks that are not covered yet in the current set of lessons like HTTP splitting and AJAX attacks.
Also, there are uncompleted lessons which does not make WebGoat look professional enough for OWASP users. Some lesson plans also needs to be written. In addition to that, WebGoat needs to be integrated to SiteGenerator.
Benefit to OWASP Members and Community
Provide OWASP users with full, complete and professional tool that would teach them most of the web application attacks. The tool can be used as a professional educational tool for security novices.
Goals and Deliverables
Plan of Approach
- Please refer to the progress page
Deliverables
- Source code with new lesson implemented
- Updated user guide.
- Updated lesson plans.
- Integration with SiteGenerator.
Risks and Rewards
Main Risks
- Not being able to finish all the new lessons on time.
- Can not find a suitable implementation for specific lesson. e.g. Buffer overrun.
Rewards of Successful Project
- Working on a unique product like WebGoat.
- Contributing to OWASP project and to OWASP community.
- Providing OWASP users with a full, complete and professional product.
- Financial reward to the project candidate.
