SpoC 007 - OWASP Corporate Application Security Rating Guide
AoC Candidate: Erwin Geirnaert
Project coordinator: Mandeep Khera
Project Progress: 0% Complete, Progress Page
Erwin Geirnaert - OWASP WebGoat Solutions Guide
WebGoat is used by a lot of people to learn about web application security and the different vulnerabilities. But it takes a lot of time to grasp how the tools like WebScarab work and how to use them effectively in WebGoat. I propose to create a walkthrough of the lessons in WebGoat so that people can learn from the solutions, without spoiling the fun.
Objectives and Deliverables
The WebGoat Solutions Guide is a document that can be bundled with WebGoat. Each lesson contains a detailed solution with screenshots and tools. I created a PDF with the solution for WebGoat 4.0 but this is too big to load (15 MB) and is not very practical.
After a discussion with Bruce about this, we think that the solutions should be made like the existing Lessons Plan so it is easier to maintain and update when a lesson changes. This means that there will be documentation folder and an individual solution for each lesson.
Why I should be sponsored for the project
I have more then 10 years experience in Java and J2EE and the last 6 years I have tested and broke a lot of web applications. I gave also some very successful J2EE security courses and web security courses. I spoke at different conferences about application security in Europe. And I am responsible for the security track at Javapolis, one of the biggest Jave conferences in Europe. I am the co-founder of ZION SECURITY where we do security testing, code review, design reviews, training,... I'm also member of the OWASP Belgium board that started in March 2007.