WebGoat is a purposely vulnerable web application developed by OWASP to help teach students about the OWASP Top 10.

• Introduction
• General
• (A1) Broken Access Control
• (A2) Cryptographic Failures
• (A3) Injection
• (A5) Security Misconfiguration
• (A6) Vuln & Outdated Components
• (A7) Identity & Auth Failure
• (A8) Software & Data Integrity
• (A9) Security Logging Failures
• (A10) Sever-Side Request Forgery
• Client Side
• Challenges

Setting Up

I like to run Webgoat and Webwolf in a docker container. The commands that I use to start up the container:

Pull the container:

docker pull webgoat/goatandwolf

Start the container:

sudo docker run --name goatandwolf -p 8080:8080 -p 9090:9090 webgoat/goatandwolf

You can now access webgoat at localhost:8080/WebGoat and webwolf at localhost:9090/home

Once you reach the site, register a new user by selecting a Username and creating a password. Agree to the terms and conditions. Once you click on Sign up it will log you in.

Introduction ->