This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Securing WebGoat using ModSecurity Project

From OWASP
Revision as of 02:58, 20 October 2008 by Stephen Evans (talk | contribs) ([http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_3_ModSecurity_WebGoat_at_50_percent ModSecurity protecting WebGoat])

Jump to: navigation, search

Introduction

1.1 Background

1.2 Purpose

1.3 Tasks and deliverables

1.4 Future development and long-term vision

1.5 Contributors

WebGoat

2.1 Overview

2.2 How it works

2.3 Lesson Table Of Contents

2.4 Overview of lesson results

ModSecurity protecting WebGoat|ModSecurity protecting WebGoat

3.1 Project Setup and Environment

3.2 Doing the WebGoat lessons - tips and tricks

3.3 Project organization

3.3.1 ModSecurity rules

3.3.2 SecDirData directory

3.3.3 Error pages

3.3.4 Informational and debug messages

Mitigating the WebGoat lessons

4.1 Project metrics at 50% completion

4.2 Project metrics at 100% completion

4.3 Sublessons that do not count or were not solved (and why)

4.4 Overall strategy

4.5 Using the Lua scripting language

4.6 Structure of mitigating a lesson

4.7 The mitigating solutions

Appendix A: WebGoat lesson plans and solutions

Appendix B: Project solution files

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Securing_WebGoat_using_ModSecurity_Project&oldid=43848"