This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Project Information:template Securing WebGoat using ModSecurity - 50 Review - Self Evaluation - A"
(doing self-review) |
|||
Line 15: | Line 15: | ||
1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#Securing WebGoat using ModSecurity|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised. | 1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#Securing WebGoat using ModSecurity|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised. | ||
| colspan="2" style="width:75%; background:#cccccc" align="left"| | | colspan="2" style="width:75%; background:#cccccc" align="left"| | ||
− | |- | + | |- The main goal of solving 50% of the WebGoat vulnerabilities has been achieved. The final goal is 90%; 25 out of 47 to 50 lessons (subject to intepretation) were solved. See "Section 1: Tasks & Deliverables" at |
+ | http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_1_Introduction, and "Section 4: Project metrics" at | ||
+ | http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_4_Mitigating_the_WebGoat_Lessons. | ||
| style="width:25%; background:#7B8ABD" align="center"| | | style="width:25%; background:#7B8ABD" align="center"| | ||
2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#Securing WebGoat using ModSecurity|'''the assumed ones''']], please quantify in terms of percentage. | 2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#Securing WebGoat using ModSecurity|'''the assumed ones''']], please quantify in terms of percentage. | ||
| colspan="2" style="width:75%; background:#cccccc" align="left"| | | colspan="2" style="width:75%; background:#cccccc" align="left"| | ||
− | |- | + | |- I would guess that 70-75% of the effort needed to complete the project has been done. Everything was new to me: WebGoat (and I was using a beta), ModSecurity, wikis; and researching and learning more about the classes and types of vulnerabilities have taken considerable effort. As an 8 week veteran of ModSecurity, plus knowing how WebGoat works, solving the rest of the WebGoat lessons (90% or more) will be much easier. |
|- | |- | ||
| style="width:25%; background:#7B8ABD" align="center"| | | style="width:25%; background:#7B8ABD" align="center"| | ||
3. What kind of help is required either from the Reviewers or from the OWASP Community? | 3. What kind of help is required either from the Reviewers or from the OWASP Community? | ||
| colspan="2" style="width:75%; background:#cccccc" align="left"| | | colspan="2" style="width:75%; background:#cccccc" align="left"| | ||
+ | |- I have already received excellent feedback and guidance from Ryan Barnett. | ||
+ | | style="width:25%; background:#7B8ABD" align="center"| | ||
|} | |} |
Revision as of 04:59, 18 August 2008
Click here to return to the previous page.
50% REVIEW PROCESS | ||
---|---|---|
Project Deliveries & Objectives |
OWASP Securing WebGoat using ModSecurity Project's Deliveries & Objectives | |
QUESTIONS | ANSWERS | |
1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised. |
||
2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage. |
||
3. What kind of help is required either from the Reviewers or from the OWASP Community? |
||