OWASP Securing WebGoat using ModSecurity Project
Introduction
1.1 Background
1.2 Purpose
1.3 Tasks and deliverables
1.4 Future development and long-term vision
1.5 Contributors
WebGoat
2.1 Overview
2.2 How it works
2.3 Lesson Table Of Contents
2.4 Overview of lesson results
ModSecurity protecting WebGoat
3.1 Project Setup and Environment
3.2 Doing the WebGoat lessons - tips and tricks
3.3 Project organization
3.3.1 ModSecurity rules
3.3.2 SecDirData directory
3.3.3 Error pages
3.3.4 Informational and debug messages
Mitigating the WebGoat lessons
4.1 Project metrics at 50% completion
4.2 Project metrics at 100% completion
4.3 Sublessons that do not count or were not solved (and why)
4.4 Overall strategy
4.5 Using the Lua scripting language
4.6 Structure of mitigating a lesson
4.7 The mitigating solutions