https://www.ostechnix.com/webgoat-teaches-fix-web-application-flaws-real-time
Good day, web developers! Today, we are going to discuss a super useful application that teaches you web application security lessons. Say hello to WebGoat, a deliberately insecure web application developed by OWASP with the intention of teaching how to fix common web application flaws in real time with hands-on exercises. This application can be quite useful for those who want to learn about application security and penetration testing techniques.
A word of caution: WebGoat is PURELY FOR EDUCATIONAL PURPOSES. It makes your system extremely vulnerable to attackers. So, I insist that you use it in a virtual machine on your local area network. Don't connect your testing machine to the Internet. If you use it in a production environment, either intentionally or unknowingly, your company will definitely fire you. You have been warned!
Deploy WebGoat
WebGoat can be deployed either using Docker or as a standalone application. Since it is purely for learning and educational purposes, I prefer to use it in Docker.
Install it using Docker
Refer to the following links to install Docker if you haven't installed it already.
After installing Docker, run the following command to deploy the WebGoat 7.1 stable version.
sudo docker run -p 8080:8080 webgoat/webgoat-7.1
This command will pull the latest WebGoat Docker image and start the WebGoat instance in a few minutes. Once it has started, you will see output like the one below.
[...]
2017-12-05 11:22:50,132 INFO - FrameworkServlet 'mvc-dispatcher': initialization completed in 533 ms
2017-12-05 11:22:50,171 INFO - Initializing main webgoat servlet
2017-12-05 11:22:50,173 INFO - Browse to http://localhost:8080/WebGoat and happy hacking!
Dec 05, 2017 11:22:50 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Install it as a standalone application
Make sure you have installed Java. Then, download the latest WebGoat version from the releases page.
Finally, start WebGoat as shown below.
java -jar webwolf-<version>.jar
Now it is time to fix the vulnerabilities. As I mentioned earlier, disconnect the Internet before you start using it.
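Because the whole point of the warning above is to keep the deliberately vulnerable instance off the network, here is an added shell example (not from the original article or the WebGoat project) that publishes the page's Docker image on the loopback interface only and audits `ss -ltn` output for any listener that still exposes the port on a non-loopback address. The `127.0.0.1:<port>:8080` binding and the audit helper are this example's own assumptions.

```shell
#!/bin/sh
# Added example: loopback-only WebGoat 7.1 deployment plus a listener audit.
# Assumption: publishing the container port as 127.0.0.1:<port>:8080 instead
# of the page's plain -p 8080:8080 keeps WebGoat off the VM's LAN interfaces.

# Build the docker command for a given host port (default 8080).
webgoat_run_cmd() {
  printf 'docker run -p 127.0.0.1:%s:8080 webgoat/webgoat-7.1\n' "${1:-8080}"
}

# Read `ss -ltn` style output on stdin and print every local address that
# listens on the given port (default 8080) on something other than loopback.
# Prints nothing when the port is loopback-only or not listening at all.
exposed_listeners() {
  awk -v p=":${1:-8080}" '
    $1 == "LISTEN" {
      addr = $4
      tail = substr(addr, length(addr) - length(p) + 1)
      if (tail == p && addr !~ /^127\./ && addr !~ /^\[::1\]/) print addr
    }'
}

# Usage on the lab VM:
#   eval "$(webgoat_run_cmd)"      # start WebGoat (needs Docker installed)
# The audit below runs only where the ss tool exists; any line it prints is a
# listener on the WebGoat port that other hosts on the LAN could reach.
if command -v ss >/dev/null 2>&1; then
  ss -ltn | exposed_listeners 8080
fi
```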
Learn To Fix Web Application Flaws In Real-time using WebGoat
Open up your web browser and navigate to http://localhost:8080/WebGoat or http://IP-address:8080/WebGoat. You will see the following screen.
Log in with: webgoat/webgoat. This is the administrative login. You can also use the normal user account: guest/guest.
Now you will land in the overview section of WebGoat, where you will find various instructions on how to work with WebGoat to fix common flaws and vulnerabilities of a web application.
As you can see, there are many lesson categories at the left pane. Click on a category to view the included lessons.
For example, let me choose Injection Flaws -> Common Injection lesson plan.
As you can see, there are 5 tabs for the selected lesson.
- Show Source – This will show the underlying Java source code.
- Show Solution – This will show the complete solution of the selected lesson.
- Show Plan – This will show goals and objectives of the lesson.
- Show Hints – This will show technical hints to solve the lesson.
- Restart Lesson – If you want to restart a lesson you can use this link.
Happy hacking!
Cheers!
Resource: