Difference between revisions of "OWASP/Training/OWASP WebGoat Project"

From OWASP
 
(6 intermediate revisions by one user not shown)
Line 2: Line 2:
 
| Module_designation = [[:Category:OWASP_WebGoat_Project|OWASP WebGoat Project]]
 
| Module_designation = [[:Category:OWASP_WebGoat_Project|OWASP WebGoat Project]]
 
| Module_Overview_Goal =
 
| Module_Overview_Goal =
 +
 +
Web Goat is a deliberately insecure J2EE web application to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson. The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security.
 +
 
| Content =  
 
| Content =  
 +
WebGoat is written in Java and therefore installs on any platform with a Java virtual machine. Once deployed, the user can go through the lessons and track their progress with the scorecard. There are currently over 30 lessons, including those dealing with the following issues:
 +
 +
* [[Cross-site Scripting (XSS)]]
 +
* Access Control
 +
* Thread Safety
 +
* [[Unvalidated_Input|Hidden Form Field Manipulation]]
 +
* Parameter Manipulation
 +
* [[Session_Management#Weak_Session_Cryptographic_Algorithms|Weak Session Cookies]]
 +
* Blind [[SQL injection|SQL Injection]]
 +
* Numeric SQL Injection
 +
* String SQL Injection
 +
* [[Web Services]]
 +
* [[Improper_Error_Handling|Fail Open Authentication]]
 +
* Dangers of HTML Comments
 +
* ... and many more!
 +
 
 
 
 
* Content_X<br>
+
| Material = [http://www.owasp.org/images/5/55/OWASP_WebGoat.ppt Web Goat Presentation]
* Content_Y<br>
+
* Content_Z<br>
+
&nbsp;
+
| Material = [http:// TBD]
+
 
}}
 
}}
 +
 +
 +
 +
[[Category:OWASP_Training|Training]]
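
Review bot: The overview text added under Module_Overview_Goal spells the project name "Web Goat", while Module_designation and the Content paragraph use "WebGoat"; use one spelling throughout, including the Material link label "Web Goat Presentation". In the added lesson list, only the "Blind" item links to [[SQL injection]], so linking the Numeric and String SQL Injection items to the same page would keep the list consistent. The placeholder rows Content_X, Content_Y, Content_Z and the "[http:// TBD]" Material value should be confirmed as fully removed from the template call.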

Latest revision as of 12:22, 23 November 2010

MODULE
OWASP WebGoat Project
Overview & Goal
Web Goat is a deliberately insecure J2EE web application to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson. The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security.
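Contents
WebGoat is written in Java and therefore installs on any platform with a Java virtual machine. Once deployed, the user can go through the lessons and track their progress with the scorecard. There are currently over 30 lessons, including those dealing with the following issues:

* Cross-site Scripting (XSS)
* Access Control
* Thread Safety
* Hidden Form Field Manipulation
* Parameter Manipulation
* Weak Session Cookies
* Blind SQL Injection
* Numeric SQL Injection
* String SQL Injection
* Web Services
* Fail Open Authentication
* Dangers of HTML Comments
* ... and many more!

Materials
Web Goat Presentation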