OWASP WebGoat 4.0 Released



User avatar


Posts: 4270

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Jun 08, 2006 3:30 pm

OWASP WebGoat 4.0 Released

WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

Why the name "WebGoat"? Developers should not feel bad about not knowing security. Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the 'Goat!

Unix and Windows versions are available.

Find out more and where to download:
http://www.owasp.org/index.php/Category ... at_Project

Have fun learning about web app security,


Post Sun Jul 30, 2006 11:00 am


my only gripes about webgoat is that 1) all the levels are not complete and 2) there is no answer key especially for the new levels and labs implemented in webgoat v4 and 3)there are no links to materials relevant to the lesson level.  that would be really handy because sometimes the hints are way to easy or just plain crap, saying go read these documents before you attempt the level would be much more condusive to an self-learn learning process.

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software