For years I've mostly been reading about network security, but now I feel I want to dive into application security some (a lot) more.
I've been chatting up with a friend of mine from a distant land, who does a lot of application security auditing, and who is quite active with OWASP.
He recommended WebGoat to me, as a good starting point.
It certainly seems an interesting piece of software to practice on, but just to make sure, I wanted to ask around here for opinions: did you do the lessons of WebGoat, and did you learn a thing or two from them?
Remember: I am a complete newbie in the field of appsec, however I have a fair bit of programming experience, which I hope will help to get in the right state of mind.
If it might be useful, I'm thinking of writing a little piece about my experiences with WebGoat once I'm going for it. As far as I can find, there is not such article on EHN yet?
Thanks in advance,