This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Securing WebGoat using ModSecurity Project

From OWASP

Revision as of 12:57, 14 July 2008 by Stephen Evans (talk | contribs) (Added '4.3 Using the Lua scripting language')

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

1 Introduction
2 WebGoat
3 ModSecurity protecting WebGoat at 50%
4 Mitigating the WebGoat lessons
5 To do for project completion
6 Future considerations
7 Appendix A: The WebGoat solutions (borrowed from the OWASP WebGoat project)

Introduction

1.1 Overview

1.2 Milestones

1.3 Contributors

WebGoat

2.1 Overview

2.2 How it works

2.3 Lesson Table Of Contents

2.4 Overview of lesson results

ModSecurity protecting WebGoat at 50%

3.1 Project Setup and Environment

3.2 Doing the WebGoat lessons - tips and tricks

3.3 Project organization

3.3.1 ModSecurity rules

3.3.2 SecDirData directory

3.3.3 Error pages

3.3.4 Informational and debug messages

Mitigating the WebGoat lessons

4.1 Project metrics

4.2 Overall strategy

4.3 Using the Lua scripting language

4.4 Structure of mitigating a lesson

4.5 The mitigating solutions

To do for project completion

Future considerations

Appendix A: The WebGoat solutions (borrowed from the OWASP WebGoat project)

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Securing_WebGoat_using_ModSecurity_Project&oldid=34063"