Difference between revisions of "WebGoatPHP"

From OWASP
 
(10 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 +
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
 +
<div style="width:100%;height:200px;border:0,margin:0;overflow: hidden;">[[Image:OWASP_Project_Header.jpg]] </div>
 +
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
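Review bot: The inline style on the added header `<div>` reads `border:0,margin:0;`, with a comma where a semicolon belongs. A CSS parser takes `0,margin:0` as the value of `border`, rejects the declaration as invalid, and never applies `margin:0`. Suggest `border:0;margin:0;overflow: hidden;`.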
Line 5: Line 8:
 
WebGoatPHP is a port of WebGoat to PHP and MySQL/SQLite databases. The goal is to create an interactive teaching environment for web application security by offering lessons in the form of challenges. In each challenge the user must exploit the vulnerability to demonstrate their understanding.
 
WebGoatPHP is a port of WebGoat to PHP and MySQL/SQLite databases. The goal is to create an interactive teaching environment for web application security by offering lessons in the form of challenges. In each challenge the user must exploit the vulnerability to demonstrate their understanding.
  
[https://github.com/shivamdixit/WebGoatPHP GitHub Repo]
+
[https://github.com/OWASP/OWASPWebGoatPHP GitHub Repo]
  
 
==What is WebGoatPHP==
 
==What is WebGoatPHP==
Line 16: Line 19:
 
* Penetration Testers, to learn the different kinds of attacking scenarios  
 
* Penetration Testers, to learn the different kinds of attacking scenarios  
 
* Teachers, to interactively teach students about web application security
 
* Teachers, to interactively teach students about web application security
 +
 +
==Contribute==
 +
To contribute, fork the code on [https://github.com/shivamdixit/WebGoatPHP GitHub] and send a pull request.
 +
Join the discussion on our [https://lists.owasp.org/mailman/listinfo/owasp_webgoatphp mailing list]
  
 
| valign="top"  style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |
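Review bot: The added Contribute section sends contributors to fork `https://github.com/shivamdixit/WebGoatPHP`, while the hunk at Line 5 / Line 8 of this same revision changes the GitHub Repo link to `https://github.com/OWASP/OWASPWebGoatPHP`. The page now names two different repositories for the same project. Point the Contribute link at the same repository as the GitHub Repo link so forks and pull requests go to one place.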
Line 37: Line 44:
  
 
==Major Contributors==
 
==Major Contributors==
*[[User:Johanna_Curiel|Johanna Curiel]]
 
 
*[[User:Azzeddine_RAMRAMI|Azzeddine]]
 
*[[User:Azzeddine_RAMRAMI|Azzeddine]]
*[[User:Shivam_Dixit|Shivam Dixit]]
 
  
To contribute, fork the code on github and send a pull request. Join the discussion on our [https://lists.owasp.org/mailman/listinfo/owasp_webgoatphp mailing list]
 
  
 
| valign="top"  style="padding-left:25px;width:200px;" |  
 
| valign="top"  style="padding-left:25px;width:200px;" |  
Line 47: Line 51:
 
==Project Leader==
 
==Project Leader==
  
[https://www.owasp.org/index.php/User:Abbas_Naderi Abbas Naderi]
+
*[[User:Shivam_Dixit|Shivam Dixit]]
 +
*[[User:Johanna_Curiel|Johanna Curiel]]
  
 
== Quick Download ==
 
== Quick Download ==
Line 54: Line 59:
  
  
== Website ==
+
== News and Events ==
 
+
* Post issues in CodeBounty.com for fixing
http://webgoatphp.com/
+
*Project adoption and kick off February 2016
  
== News and Events ==
 
 
==Classifications==
 
==Classifications==
 
   {| width="200" cellpadding="2"
 
   {| width="200" cellpadding="2"

Latest revision as of 11:49, 12 October 2016


OWASP WebGoatPHP

WebGoatPHP is a port of WebGoat to PHP and MySQL/SQLite databases. The goal is to create an interactive teaching environment for web application security by offering lessons in the form of challenges. In each challenge the user must exploit the vulnerability to demonstrate their understanding.

GitHub Repo

What is WebGoatPHP

WebGoatPHP is a deliberately insecure web application developed using PHP to teach web application security. It offers a set of challenges based on various vulnerabilities listed in OWASP. The application is a realistic teaching environment and supports four different modes.

Why WebGoatPHP?

WebGoatPHP is suitable for:

  • Web Developers, to learn how to develop secure web applications
  • Penetration Testers, to learn the different kinds of attacking scenarios
  • Teachers, to interactively teach students about web application security

Contribute

To contribute, fork the code on GitHub and send a pull request. Join the discussion on our mailing list.

Different Operating Modes

  • Single User Mode
  • Workshop Mode
  • Contest Mode
  • Secure Coding Mode

Types Of Challenges

  • Access Control Flaws
  • AJAX Security
  • Authentication Flaws
  • Code Quality
  • Injection Attacks
  • Cross-Site Scripting (XSS) Attacks
  • Brute Force Attacks
  • Session Management Flaws
  • Improper Error Handling

Major Contributors


Project Leader

Quick Download


News and Events

  • Post issues in CodeBounty.com for fixing
  • Project adoption and kick off February 2016

Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png