WebGoat – A Deliberately Insecure Web Application

WebGoat is a deliberately insecure web application, maintained by OWASP, that is designed to teach web application security lessons. It demonstrates common server-side application flaws. The exercises are intended for people learning about application security and penetration testing techniques.

Learning theory is important, and there is a large list of resources on how to run attacks against web applications. WebGoat provides users with both theory and practical consolidation, making each attack obvious and clear, which makes it suitable for training purposes.

The framework includes 30 different types of attacks with different elements such as lectures, labs, tests and exam results. The list of courses is extensive, covering basic HTML knowledge, access control, various types of XSS attacks, several types of injection, buffer overflow, working with CSS and hidden fields in forms, and more.

There is a walk-through and explanation for each problem, along with hints, code and a practical demo of hacking the exposed vulnerability. Each phase you pass is flagged as completed in green. This is convenient, and you don't need to build your own test lab for learning.

You can read more and download this framework over here: https://owasp.org/www-project-webgoat/
