WebGoat 8: A deliberately insecure Web Application


It may take a few seconds to startup WebGoat. After launching the project, visit http://***.vsplate.me/WebGoat/ to start the lesson.

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat. There are other 'goats' such as WebGoat for .Net. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application aims to provide a realistic teaching environment, providing users with hints and code to further explain the lesson.

This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.

Why the name "WebGoat"? Developers should not feel bad about not knowing security. Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the 'Goat!

WebGoat 8.0 Wiki - https://github.com/WebGoat/WebGoat/wiki

GitHub Source



WebGoat/WebGoat - https://github.com/WebGoat/WebGoat
Category:OWASP WebGoat Project - https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

All rights reserved. © 2018 VULNSPY