Shulou(Shulou.com)06/01 Report--

What is WebGoat? To quote the official introduction of OWASP:

WebGoat is an application platform developed by OWASP for web vulnerability experiments, which is used to explain the security vulnerabilities in web applications. WebGoat runs on a platform with a java virtual machine and currently offers more than 30 training courses, including: cross-site scripting (XSS), access control, thread safety, manipulation hidden fields, manipulation parameters, weak session cookie, SQL blind injection, digital SQL injection, string SQL injection, web services, Open Authentication failures, dangerous HTML comments, and so on. WebGoat provides a series of web security tutorials, and some courses also provide video demonstrations to guide users to exploit these vulnerabilities.

WebGoat has been version 5.4 for many years and has been upgraded to version 6 this year. Mainly based on the new framework and interface for the re-integration of various courses, the project home page is http://webgoat.github.io/.

Let's first take a look at the two versions of the interface:

In practice, the new version not only has a beautiful interface, but also the key is that the contents of options such as hints and solutions are more perfect and easy to learn. There are two ways to use WebGoat. One is to download and run the package WebGoat-6.0-exec-war.jar directly, and then:

Java-jar WebGoat-6.0-exec-war.jar

You can then use it in the native browser:

Http://localhost:8080/WebGoat

But individuals prefer another approach, which is to download the source package and use it through maven deployment. The advantage is that you can complete some courses that need to be modified to the source code, and are not limited to running locally. However, it is very troublesome to install the necessary environment such as tomcat, maven, java and so on, and it is very troublesome to set the parameters, so it is most convenient to use it directly on the Broken Web APP virtual machine of OWASP, because the environment has been built. The specific steps are as follows:

Download the WebGoat-Master.tar.gz, copy it to / var/www and decompress it to get the WebGoat-master project directory:

Because tomcat is already running when the virtual machine starts, stop the service before starting with mvn. Write several procedures in batches:

Cat > ~ / run_webgoat6.sh

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.