WebGoat for .Net is OWASP's intentionally insecure website created so that web developers can practice hardening their own websites.
WebGoat for .Net uses:
- Visual Studio 2010
- ASP.NET WebForms
- SQL Server Express
- Entity Framework 4.1 Code First
WebGoat for .Net can be downloaded on GitHub.
- Download the project as a zip file here.
- Unzip it to My Documents/Visual Studio 2010/Projects/WebGoat.Net
- Open the Solution in Visual Studion 2010. You can do this by double-clicking on the WebGoat.Net.sln file.
- Hit F5 to begin running it.
If you have problems, send a tweet to @Rap_Payne with a hashtag of #WebGoat.Net
The WebGoat for .Net project was written by Rap Payne. He can be contacted at RapPayne AT AgileGadgets.com. Rap is available to provide training on web application security and .Net web development.
If you are interested in contributing to WebGoat for .Net or have a comment, question, or suggestion, please contact Rap Payne.