Difference between revisions of "WebGoat"
| Line 28: | Line 28: | ||
== Installation Instructions == | == Installation Instructions == | ||
=== Run with Docker === | |||
Need to insall Docker first, then you can install WebGoat as Docker Image. | Need to insall Docker first, then you can install WebGoat as Docker Image. | ||
| Line 35: | Line 35: | ||
sudo docker run -it -p 127.0.0.1:80:8888 -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf:v8.2.2 | sudo docker run -it -p 127.0.0.1:80:8888 -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf:v8.2.2 | ||
=== Standalone === | |||
Download .jar file (Java Archive file) from https://github.com/WebGoat/WebGoat/releases | Download .jar file (Java Archive file) from https://github.com/WebGoat/WebGoat/releases | ||
| Line 41: | Line 41: | ||
java -Dfile.encoding=UTF-8 -Dwebgoat.port=8080 -Dwebwolf.port=9090 -jar webgoat-8.2.3.jar | java -Dfile.encoding=UTF-8 -Dwebgoat.port=8080 -Dwebwolf.port=9090 -jar webgoat-8.2.3.jar | ||
=== Run from the sources === | |||
Clone GitHub Repository (Open Source) | Clone GitHub Repository (Open Source) | ||
| Line 56: | Line 56: | ||
# On Windows: | # On Windows: | ||
./mvnw.cmd clean install | ./mvnw.cmd clean install | ||
When the priject is compiled successfully we are ready to run the project. WebGoat is using Spring Boot. | |||
# On Linux/Mac: | |||
./mvnw spring-boot:run | |||
# On Windows: | |||
./mvnw.cmd spring-boot:run | |||
== Access == | == Access == | ||
| Line 66: | Line 74: | ||
To gain access to the lessons and challenges, you need to register. | To gain access to the lessons and challenges, you need to register. | ||
== References == | == References == | ||
<references /> | <references /> | ||
[[Category:Documentation]] | [[Category:Documentation]] | ||
Revision as of 14:16, 2 January 2023
Summary
This is a tutorial and info site on the OWASP's vulnerable web application WebGoat.
OWASP WebGoat
The OWASP WebGoat project provides an insecure web application that demonstrates the most common client-side application flaws and explains and tests the vulnerabilities from the OWASP Top 10. Lessons, exercises and challenges are provided to give interested developers hands-on experience to test and better understand the material. When starting each lesson, the user is provided with content and interactive questions about the already explained material or demonstrations of the explained functionality through a dialog from different pages. The learning of the content is thus brought to the user in a playful, hands-on experience. The lessons are structured strictly according to the OWASP Top 10 and can be tested and reviewed individually.
Setup
There are three possible ways to install the programm: Standalone, Docker Image and cloning the repository (open source) [1]
Requirements
- Operating system:
- Windows 8 or higher
- Ubuntu Linux 20.04 LTS or higher
- macOS 10.14 or higher
- Or any other OS which is supported by Java 17
- Java 17 OR
- Docker Desktop
- Internet Browser of any type
- GIT
Description
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. It is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.[2]
Installation Instructions
Run with Docker
Need to insall Docker first, then you can install WebGoat as Docker Image.
sudo apt install docker.io sudo docker run -it -p 127.0.0.1:80:8888 -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf:v8.2.2
Standalone
Download .jar file (Java Archive file) from https://github.com/WebGoat/WebGoat/releases
java -Dfile.encoding=UTF-8 -Dwebgoat.port=8080 -Dwebwolf.port=9090 -jar webgoat-8.2.3.jar
Run from the sources
Clone GitHub Repository (Open Source)
git clone git@github.com:WebGoat/WebGoat.git
Compile the Project using Java 17
cd WebGoat git checkout <<branch_name>> # On Linux/Mac: ./mvnw clean install
# On Windows: ./mvnw.cmd clean install
When the priject is compiled successfully we are ready to run the project. WebGoat is using Spring Boot.
# On Linux/Mac: ./mvnw spring-boot:run # On Windows: ./mvnw.cmd spring-boot:run
Access
- The landing page will be located at: http://localhost
- WebGoat will be located at: http://localhost:8080/WebGoat
- WebWolf will be located at: http://localhost:9090/WebWolf
To gain access to the lessons and challenges, you need to register.
References
- ↑ WebGoat Github, WebGoat, 2022, accessed on: 02.01.2023, [Online]. Available: https://github.com/WebGoat/WebGoat
- ↑ WebGoat Github, WebGoat, 2022, accessed on: 08.01.2022. [Online]. Available: https://github.com/WebGoat/WebGoat