WebGoat is a deliberately insecure J2EE web application, maintained by OWASP and designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.
1. Before installing, first download WebGoat from this link.
2. The archive is in 7zip format, so install p7zip to extract it:
    apt-get install p7zip
3. Now extract the WebGoat archive:
    p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z
4. Once the extraction has completed, go into the extracted folder:
    cd WebGoat-OWASP_Standard-5.3_RC1
5. Change the permissions of webgoat.sh to make it executable with this command:
    chmod +x webgoat.sh
6. WebGoat needs openjdk-6-jre and openjdk-6-jdk to run. Install them with the following command:
    apt-get install openjdk-6-jre openjdk-6-jdk
7. After installation, WebGoat is ready to run on port 80 or 8080 with one of these commands:
    ./webgoat.sh start80
   or
    ./webgoat.sh start8080
Now we can open WebGoat in a browser at this URL: http://127.0.0.1/webgoat/attack