Difference between revisions of "OWASP Autumn of Code 2006 - Projects: Web Goat"

From OWASP
Jump to: navigation, search
m
Line 13: Line 13:
  
 
'''Problem to be Addressed'''
 
'''Problem to be Addressed'''
WebGoat needs to be updated with more lessons. Since there are some attacks that are not covered in the current set of classes like HTTP splitting and AJAX attacks.
+
WebGoat needs to be updated with more lessons. Since there are new attacks that are not covered yet in the current set of lessons like HTTP splitting and AJAX attacks.
Also, there are uncompleted lessons which does not make the product look professional enough for OWASP users. Some lesson plans also needs  
+
Also, there are uncompleted lessons which does not make WebGoat look professional enough for OWASP users. Some lesson plans also needs to be written. In addition to that, WebGoat needs to be integrated to SiteGenerator.
  
  
 
'''Benefit to OWASP Members and Community'''
 
'''Benefit to OWASP Members and Community'''
 
+
Provide OWASP users with full, complete and professional tool that would teach them most of the web application attacks. The tool can be used as a professional educational tool for security novices.
  
  
Line 28: Line 28:
  
 
'''Deliverables'''
 
'''Deliverables'''
 
+
- Source code with new lesson implemented
 +
- Updated user guide.
 +
- Updated lesson plans.
 +
- Integration with SiteGenerator.
  
  

Revision as of 22:24, 2 October 2006

AoC Candidate: Sherif

Project Coordinator: Jeff Williams

Project Progress: xx% Complete - Progress Page

Background and Motivation

History Behind Project WebGoat is a teaching tool designed to teach web application security lessons. Each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the application. Why the name "WebGoat"? Developers should not feel bad about not knowing security. Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the 'Goat


Problem to be Addressed WebGoat needs to be updated with more lessons. Since there are new attacks that are not covered yet in the current set of lessons like HTTP splitting and AJAX attacks. Also, there are uncompleted lessons which does not make WebGoat look professional enough for OWASP users. Some lesson plans also needs to be written. In addition to that, WebGoat needs to be integrated to SiteGenerator.


Benefit to OWASP Members and Community Provide OWASP users with full, complete and professional tool that would teach them most of the web application attacks. The tool can be used as a professional educational tool for security novices.


Goals and Deliverables

Plan of Approach


Deliverables - Source code with new lesson implemented - Updated user guide. - Updated lesson plans. - Integration with SiteGenerator.


Risks and Rewards

Main Risks


Rewards of Successful Project