OWASP WebGoat Download – Deliberately Insecure Web Application


WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.

OWASP WebGoat Download - Deliberately Insecure Web Application


What does OWASP WebGoat Do?

In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

Why the name “WebGoat”? Developers should not feel bad about not knowing security. Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the ‘Goat!

Once deployed, the user can go through the lessons and track their progress with the scorecard.

Web application security is difficult to learn and practice. Not many people have full blown web applications like online book stores or online banks that can be used to scan for vulnerabilities. In addition, security professionals frequently need to test tools against a platform known to be vulnerable to ensure that they perform as advertised.

All of this needs to happen in a safe and legal environment. Even if your intentions are good, we believe you should never attempt to find vulnerabilities without permission. The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security.

We’ve written about various Vulnerable Web Apps before including those such as:

Mutillidae – Vulnerable Web-Application To Learn Web Hacking
OWASP Bricks – Modular Deliberately Vulnerable Web Application
WackoPicko – Vulnerable Website For Learning & Security Tool Evaluation
Jarlsberg – Learn Web Application Exploits and Defenses
Damn Vulnerable Web App – Learn & Practise Web Hacking

What can you learn from OWASP WebGoat?


  • Cross-site Scripting (XSS)
  • Access Control
  • Thread Safety
  • Hidden Form Field Manipulation
  • Parameter Manipulation
  • Weak Session Cookies
  • Blind SQL Injection
  • Numeric SQL Injection
  • String SQL Injection
  • Web Services
  • Fail Open Authentication
  • Dangers of HTML Comments
  • … and many more!

How to use OWASP WebGoat & Tutorials

The easiest way to start WebGoat is to use Docker.

Run it Docker:

Browse to http://localhost:8080/WebGoat and Happy Hacking!

You find tutorials, installation details and everything else you need to get going here:

https://github.com/WebGoat/WebGoat/wiki

WebGoat Download

The WebGoat download for 7.1 is here:

webgoat-container-7.1-exec.jar

Or read more here.

Posted in: Web Hacking

, , , ,


Latest Posts:


Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.


Comments are closed.