{"id":4013,"date":"2015-10-20T03:08:40","date_gmt":"2015-10-19T19:08:40","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=4013"},"modified":"2017-10-29T20:15:37","modified_gmt":"2017-10-29T12:15:37","slug":"owasp-webgoat-deliberately-insecure-web-application","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/10\/owasp-webgoat-deliberately-insecure-web-application\/","title":{"rendered":"OWASP WebGoat Download &#8211; Deliberately Insecure Web Application"},"content":{"rendered":"<p>WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2015\/10\/OWASP-WebGoat-Download-Deliberately-Insecure-Web-Application-640x312.jpg\" alt=\"OWASP WebGoat Download - Deliberately Insecure Web Application\" width=\"640\" height=\"312\" class=\"aligncenter size-medium wp-image-4868\" srcset=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2015\/10\/OWASP-WebGoat-Download-Deliberately-Insecure-Web-Application-640x312.jpg 640w, https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2015\/10\/OWASP-WebGoat-Download-Deliberately-Insecure-Web-Application.jpg 1000w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<h2>What does OWASP WebGoat Do?<\/h2>\n<p>In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.<\/p>\n<p>Why the name &#8220;WebGoat&#8221;? Developers should not feel bad about not knowing security. Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the &#8216;Goat!<\/p>\n<p>Once deployed, the user can go through the lessons and track their progress with the scorecard.<\/p>\n<p>Web application security is difficult to learn and practice. Not many people have full blown web applications like online book stores or online banks that can be used to scan for vulnerabilities. In addition, security professionals frequently need to test tools against a platform known to be vulnerable to ensure that they perform as advertised.<\/p>\n<p>All of this needs to happen in a safe and legal environment. Even if your intentions are good, we believe you should never attempt to find vulnerabilities without permission. The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security.<\/p>\n<p>We&#8217;ve written about various <a href=\"https:\/\/www.darknet.org.uk\/tag\/vulnerable-web-app\/\">Vulnerable Web Apps<\/a> before including those such as:<\/p>\n<p>&#8211; <a href=\"https:\/\/www.darknet.org.uk\/2013\/10\/mutillidae-vulnerable-web-application-learn-web-hacking\/\">Mutillidae \u2013 Vulnerable Web-Application To Learn Web Hacking<\/a><br \/>\n&#8211; <a href=\"https:\/\/www.darknet.org.uk\/2013\/06\/owasp-bricks-modular-deliberately-vulnerable-web-application\/\">OWASP Bricks \u2013 Modular Deliberately Vulnerable Web Application<\/a><br \/>\n&#8211; <a href=\"https:\/\/www.darknet.org.uk\/2010\/12\/wackopicko-vulnerable-website-for-learning-security-tool-evaluation\/\">WackoPicko \u2013 Vulnerable Website For Learning &#038; Security Tool Evaluation<\/a><br \/>\n&#8211; <a href=\"https:\/\/www.darknet.org.uk\/2010\/05\/jarlsberg-learn-web-application-exploits-and-defenses\/\">Jarlsberg \u2013 Learn Web Application Exploits and Defenses<\/a><br \/>\n&#8211; <a href=\"https:\/\/www.darknet.org.uk\/2009\/07\/damn-vulnerable-web-app-learn-practise-web-hacking\/\">Damn Vulnerable Web App \u2013 Learn &#038; Practise Web Hacking<\/a><\/p>\n<h2>What can you learn from OWASP WebGoat?<\/h2>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<ul>\n<li>Cross-site Scripting (XSS)<\/li>\n<li>Access Control<\/li>\n<li>Thread Safety<\/li>\n<li>Hidden Form Field Manipulation<\/li>\n<li>Parameter Manipulation<\/li>\n<li>Weak Session Cookies<\/li>\n<li>Blind SQL Injection<\/li>\n<li>Numeric SQL Injection<\/li>\n<li>String SQL Injection<\/li>\n<li>Web Services<\/li>\n<li>Fail Open Authentication<\/li>\n<li>Dangers of HTML Comments<\/li>\n<li>&#8230; and many more!<\/li>\n<\/ul>\n<h3>How to use OWASP WebGoat &#038; Tutorials<\/h3>\n<p>The easiest way to start WebGoat is to use Docker.<\/p>\n<p>Run it Docker:<\/p>\n<pre>docker run -p 8080:8080 webgoat\/webgoat-7.1<\/pre>\n<p>Browse to <code>http:\/\/localhost:8080\/WebGoat<\/code> and Happy Hacking!<\/p>\n<p>You find tutorials, installation details and everything else you need to get going here:<\/p>\n<p><a href=\"https:\/\/github.com\/WebGoat\/WebGoat\/wiki\">https:\/\/github.com\/WebGoat\/WebGoat\/wiki<\/a><\/p>\n<h4>WebGoat Download<\/h4>\n<p>The WebGoat download for 7.1 is here:<\/p>\n<p><a href=\"https:\/\/github.com\/WebGoat\/WebGoat\/releases\/download\/7.1\/webgoat-container-7.1-exec.jar\">webgoat-container-7.1-exec.jar<\/a><\/p>\n<p>Or read more <a href=\"https:\/\/www.owasp.org\/index.php\/Category:OWASP_WebGoat_Project\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques. What does OWASP WebGoat Do? In each lesson, users must [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. Learn SQL Injection, XSS etc.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[15],"tags":[2402,839,1842,6329,4966],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4013"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=4013"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4013\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=4013"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=4013"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=4013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}