Difference between revisions of "OWASP/Training/OWASP WebGoat Project"

From OWASP
Line 10: Line 10:
 
* [[Cross-site Scripting (XSS)]]
 
* [[Cross-site Scripting (XSS)]]
 
* Access Control
 
* Access Control
* [[Race conditions|Thread Safety]]
+
* Thread Safety
 
* [[Unvalidated_Input|Hidden Form Field Manipulation]]
 
* [[Unvalidated_Input|Hidden Form Field Manipulation]]
 
* Parameter Manipulation
 
* Parameter Manipulation
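
Review bot: On the Thread Safety item, the line marked + replaces `* [[Race conditions|Thread Safety]]` with plain `* Thread Safety`, so the lesson list loses its only pointer to the race-conditions material, while the XSS and Hidden Form Field Manipulation items keep their links. If the Race conditions target was wrong or missing, point the item at the correct page instead of unlinking it. Otherwise keep the piped link so readers can reach the background for that lesson.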

Revision as of 09:59, 14 April 2010

MODULE
OWASP WebGoat Project
Overview & Goal
WebGoat is a deliberately insecure J2EE web application designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson. The primary goal of the WebGoat project is simple: create a de facto interactive teaching environment for web application security.
Contents Materials
WebGoat is written in Java and therefore installs on any platform with a Java virtual machine. Once deployed, the user can go through the lessons and track their progress with the scorecard. There are currently over 30 lessons, including those dealing with the following issues:

 

Web Goat Presentation