Project Information:template Securing WebGoat using ModSecurity - 50 Review - Self Evaluation - A

From OWASP
Revision as of 00:07, 18 August 2008 by Stephen Evans (Talk | contribs)


50% REVIEW PROCESS

Project Deliveries & Objectives

OWASP Securing WebGoat using ModSecurity Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please exemplify by writing down those that haven't been realised.

The main goal of solving 50% of the WebGoat vulnerabilities has been achieved. The final goal is 90%; 25 out of a possible 47 to 50 lessons (subject to interpretation) were solved. See "Section 1: Tasks & Deliverables" at http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_1_Introduction, and "Section 4: Project metrics" at http://www.owasp.org/index.php/OWASP_ModSecurity_Securing_WebGoat_Section_4_Mitigating_the_WebGoat_Lessons.

2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage.

I would guess that 70-75% of the effort needed to complete the project has been done. Everything was new to me: WebGoat (and I was using a beta version), ModSecurity, wikis; and researching and learning more about the classes and types of vulnerabilities have taken quite a bit of effort. As an 8-week veteran of ModSecurity, knowing now how WebGoat works and researching the remaining WebGoat vulnerabilities, I believe that solving the rest of the WebGoat lessons (90% or more) will be much easier.

3. What kind of help is required either from the Reviewers or from the OWASP Community?

I have already received excellent feedback and guidance from Ryan Barnett. Of course, more feedback, criticism, and comments from the other reviewers are welcome.