Difference between revisions of "Category:OWASP Securing WebGoat using ModSecurity Project"

From OWASP
Jump to: navigation, search
(News)
(added news)
Line 7: Line 7:
 
The purpose of the OWASP Securing WebGoat using ModSecurity Project is to use ModSecurity 2.5 to protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%).
 
The purpose of the OWASP Securing WebGoat using ModSecurity Project is to use ModSecurity 2.5 to protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%).
  
[http://www.owasp.org/index.php/OWASP_Securing_WebGoat_using_ModSecurity_Project Securing WebGoat using ModSecurity Project wiki v0.2]
+
[http://www.owasp.org/index.php/OWASP_Securing_WebGoat_using_ModSecurity_Project Securing WebGoat using ModSecurity Project wiki v0.7]
  
 
== Mailing List ==
 
== Mailing List ==
Line 20: Line 20:
  
 
* 22 Oct 2008 - Wiki updates; project near 100% completion.
 
* 22 Oct 2008 - Wiki updates; project near 100% completion.
 +
 +
* 05 Nov 2008 - Finished incorporating all reviewer comments.
 +
 +
* 06 Nov 2008 - Gave 2 project presentations at the OWASP EU Summit in Portugal.
 +
 +
* 16 Nov 2008 - Added 'Section 4.4 Unfinished Business' which includes discussions about concurrent file access and Lua security
  
 
== Contacts ==
 
== Contacts ==

Revision as of 00:10, 17 November 2008

Click here to return to OWASP Projects page.
Click here to see (& edit, if wanted) the template.

PROJECT IDENTIFICATION
Project Name OWASP Securing WebGoat using ModSecurity Project
Short Project Description The purpose of this project is to create custom Modsecurity rulesets that, in addition to the Core Set, will protect WebGoat 5.1 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. To ensure that it will be a complete 'no touch' on WebGoat and its environment, ModSecurity will be configured on Apache server as a remote proxy server. For those vulnerabilities that cannot be prevented (partially or not at all), I will document my efforts in attempting to protect them. Business logic vulnerabilities will be particularly challenging to solve.
Project key Information Project Leader
Stephen Craig Evans
Project Contributors
(if applicable)
Mailing List
Subscribe here
Use here
License
Creative Commons Attribution Share Alike 3.0
Project Type
Documentation
Sponsors
OWASP SoC 08
Release Status Main Links Related Projects

Beta Quality
Please see here for complete information.

OWASP WebGoat Project

Contents

Welcome to the OWASP Securing WebGoat using ModSecurity Project

The purpose of the OWASP Securing WebGoat using ModSecurity Project is to use ModSecurity 2.5 to protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%).

Securing WebGoat using ModSecurity Project wiki v0.7

Mailing List

https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity

owasp-webgoat-using-modsecurity@lists.owasp.org

News

  • 14 Jul 2008 - Project wiki created and under construction.
  • 22 Oct 2008 - Wiki updates; project near 100% completion.
  • 05 Nov 2008 - Finished incorporating all reviewer comments.
  • 06 Nov 2008 - Gave 2 project presentations at the OWASP EU Summit in Portugal.
  • 16 Nov 2008 - Added 'Section 4.4 Unfinished Business' which includes discussions about concurrent file access and Lua security

Contacts

stephencraig.evans <at> gmail.com

This category currently contains no pages or media.