WebGoat
Summary
This is a tutorial and info site on OWASP's vulnerable web application WebGoat.
OWASP WebGoat
The OWASP WebGoat project provides an insecure web application that demonstrates the most common client-side application flaws and explains and tests the vulnerabilities from the OWASP Top 10. Lessons, exercises and challenges give interested developers hands-on experience to test and better understand the material. At the start of each lesson, the user is presented with content and with interactive questions about the material already explained, or with demonstrations of the explained functionality, through a dialog spanning several pages. The content is thus taught in a playful, hands-on way. The lessons are structured strictly according to the OWASP Top 10 and can be tested and reviewed individually.
Setup
There are three possible ways to install the program: standalone, Docker image, and cloning the repository (open source) [1].
Requirements
- Operating system:
  - Windows 8 or higher
  - Ubuntu Linux 20.04 LTS or higher
  - macOS 10.14 or higher
  - Or any other OS which is supported by Java 17
- Java 17 or Docker Desktop
- Internet browser of any type
- Git
Description
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. It is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.[2]
Installation Instructions
- Run via Docker
Docker must be installed first; WebGoat can then be run as a Docker image.
sudo apt install docker.io
sudo docker run -it -p 127.0.0.1:80:8888 -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf:v8.2.2
- Standalone
Download the .jar file (Java Archive file) from https://github.com/WebGoat/WebGoat/releases
java -Dfile.encoding=UTF-8 -Dwebgoat.port=8080 -Dwebwolf.port=9090 -jar webgoat-8.2.3.jar
- Run from the sources
Clone GitHub Repository (Open Source)
git clone git@github.com:WebGoat/WebGoat.git
Compile the Project using Java 17
cd WebGoat
git checkout <<branch_name>>
# On Linux/Mac:
./mvnw clean install
# On Windows:
./mvnw.cmd clean install
Access
- The landing page will be located at: http://localhost
- WebGoat will be located at: http://localhost:8080/WebGoat
- WebWolf will be located at: http://localhost:9090/WebWolf
To gain access to the lessons and challenges, you need to register.
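The Docker command above publishes every port on 127.0.0.1, which keeps the deliberately insecure application reachable from the local machine only; Docker binds a published port to all interfaces when the host IP is left out of -p. The following is an added example (not from the WebGoat project or the original page) that checks a docker run argument list for port mappings that are not loopback-only; the function names classify_publish and exposed_publishes are hypothetical.

```shell
#!/bin/sh
# Added example: report -p/--publish mappings of a `docker run` command line
# that are not bound to a loopback address.

# classify_publish SPEC -> prints "loopback" or "exposed"
# SPEC has the form [hostIP:]hostPort:containerPort[/proto] or containerPort.
classify_publish() {
    s=${1%/*}                                   # drop optional /tcp or /udp
    case $s in
        \[::1\]:*)                    echo loopback ;;  # bracketed IPv6 loopback
        127.[0-9]*.[0-9]*.[0-9]*:*:*) echo loopback ;;  # 127.0.0.0/8 host IP
        *)                            echo exposed ;;   # no host IP or another address
    esac
}

# exposed_publishes ARGS... -> prints each non-loopback mapping, one per line
exposed_publishes() {
    while [ $# -gt 0 ]; do
        spec=
        case $1 in
            -P|--publish-all) echo "$1" ;;      # publishes every exposed port
            -p|--publish) [ $# -ge 2 ] || break; spec=$2; shift ;;
            --publish=*)  spec=${1#--publish=} ;;
            -p?*)         spec=${1#-p} ;;
        esac
        shift
        [ -n "$spec" ] || continue
        [ "$(classify_publish "$spec")" = exposed ] && echo "$spec"
    done
    return 0
}

# Demo with the docker run arguments shown on this page.
found=$(exposed_publishes run -it -p 127.0.0.1:80:8888 -p 127.0.0.1:8080:8080 \
    -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf:v8.2.2)
if [ -z "$found" ]; then
    echo "all published ports are loopback-only"
else
    echo "published beyond loopback:"
    echo "$found"
fi
```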
References
- [1] WebGoat GitHub, WebGoat, 2022, accessed on: 02.01.2023. [Online]. Available: https://github.com/WebGoat/WebGoat
- [2] WebGoat GitHub, WebGoat, 2022, accessed on: 08.01.2022. [Online]. Available: https://github.com/WebGoat/WebGoat