The purpose of this project is to create custom Modsecurity rulesets that, in addition to the Core Set, will protect WebGoat 5.1 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. To ensure that it will be a complete 'no touch' on WebGoat and its environment, ModSecurity will be configured on Apache server as a remote proxy server. For those vulnerabilities that cannot be prevented (partially or not at all), I will document my efforts in attempting to protect them. Business logic vulnerabilities will be particularly challenging to solve.
For more information, please check out the project home page at OWASP Securing WebGoat using ModSecurity Project.
Lulu Staff has been notified of a possible violation of the terms of our Membership Agreement. Our agents will determine if the content reported is inappropriate or not based on the guidelines provided and will then take action where needed.
Thank you for notifying us. We will email you with the results and/or actions taken as a result of the investigation if you chose to receive confirmation.