WebGoat
is a deliberately insecure web application maintained by OWASP designed to
teach web application security lessons. You can install and practice with
WebGoat. There are other 'goats' such as WebGoat for .Net. In each lesson,
users must demonstrate their understanding of a security issue by exploiting a
real vulnerability in the WebGoat applications. For example, in one of the
lessons the user must use SQL injection to steal fake credit card numbers. The
application aims to provide a realistic teaching environment, providing users
with hints and code to further explain the lesson.
First Download webgoat from here
and Unzip the WebGoat-OWASP_Standard using following command
p7zip -d
WebGoat-OWASP_Standard-5.3_RC1.7z
Now goto webgoat folder now you will need to start/stop
WebGoat as root
Sh webgoat.sh start8080
Start your browser and browse to http://localhost/webgoat/attack
Login in as:
user = guest,
password =
guest
0 comments:
Post a Comment