WebGoat Installation

WebGoat User Guide Table of Contents

WebGoat is a platform independent environment. It utilizes Apache Tomcat and the JAVA development environment. Installers are provided for Microsoft Windows and UN*X environments, together with notes for installation on other platforms.

Installing Java

 * 1) Install and deploy the approprite version from http://java.sun.com/downloads/ (1.4.1 or later)

Installing Tomcat

 * 1) Install and deploy core Tomcat from http://tomcat.apache.org/download-55.cgi

Installing to Windows

 * 1) Unzip the Windows_WebGoat-x.x.zip to your working environment
 * 2) To start Tomcat, browse to the WebGoat directory unzipped above and double click "webgoat.bat"
 * 3) Start your browser and browse to: http://localhost/WebGoat/attack This link is case-sensitive. Make sure to use a large ‘W’ and ‘G’.

Installing to Linux
JAVA_HOME="SET ME TO YOUR JAVA 1.5 JDK PATH"
 * 1) Unzip the Unix_WebGoat-x.x.zip to your working directory
 * 2) Edit the following line in webgoat.sh, set JAVA_HOME to your JDK1.5 path.
 * 1) Since the latest version runs on a privileged port, you will need to start/stop WebGoat as root.

sudo sh webgoat.sh start sudo sh webgoat.sh stop

Installing to OS X (Tiger 10.4+)

 * 1) Unzip the Unix_WebGoat-x.x.zip to your working directory
 * 2) Since the latest version runs on a privileged port, you will need to start/stop WebGoat as root.

sudo sh webgoat.sh start sudo sh webgoat.sh stop

Installing on FreeBSD
cd /usr/ports/www/tomcat55 sudo make install http://www.FreeBSDFoundation.org/cgi-bin/download?download=diablo-caffe-freebsd6-i386-1.5.0_07-b01.tar.bz2
 * 1) Install Tomcat and Java from the ports collection
 * 1) You will be required to manually download the Java JDK to install it.  Instructions are given by the ports system about when and how to do this.  The URL looks like this:
 * 1) Unzip the Unix_WebGoat-x.x.zip to your working directory
 * 2) Since the latest version runs on a privileged port, you will need to start/stop WebGoat as root.

sudo sh webgoat.sh start sudo sh webgoat.sh stop

Running

 * 1) Start your browser and browse to: http://localhost/WebGoat/attack . Notice the capital 'W' and 'G'
 * 2) Login in as: user = guest, password = guest

Building
Skip these instructions if you are only interested in running WebGoat.

WebGoat is built using eclipse WTP 1.5.x. Please read the instructions at Goodle code to build the WebGoat application.

Return to the WebGoat User Guide Table of Contents