Become a hacker with WebGoat
WebGoat is an insecure web application designed to teach web application security concepts.
You can try hacking: Access Control Flaws, Authentication Flaws, Session Management Flaws, Cross-Site Scripting (XSS), Buffer Overflows, Injection Flaws, Improper Error Handling, Insecure Storage, Denial of Service, Insecure Configuration, Web Services and AJAX Security.
There is a “Lesson Plan”, a kind of tutorial, and in the “Hints Menu” you can view the parameters, cookies, the code and the solution.
It’s a lot of fun and you learn more about web application security.
You can download the app from http://code.google.com/p/webgoat/.
It comes with the Java Runtime Environment and a configured Tomcat 5.5
server and should run on any platform.
If you are using Linux or OSX you must download http://webgoat.googlecode.com/svn/tags/webgoat-5.1/main/webgoat.sh to start WebGoat.
Put webgoat.sh in your unpacked WebGoat directory and start it
from the terminal:
$ sh webgoat.sh start8080
On Windows it should start with a double-click on webgoat8080.bat.
Browse to http://guest:guest@127.0.0.1:8080/WebGoat/attack with your
browser and start your first lesson.
Happy hacking