Difference between revisions of "WebGoat Getting Started"

From OWASP
Jump to: navigation, search
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[WebGoat User Guide Table of Contents]]
+
<webgoat/>[[WebGoat User Guide Table of Contents]]
 
__TOC__
 
__TOC__
  
Line 10: Line 10:
 
Running a personal firewall may prevent WebGoat from operating correctly. Disable any personal firewall while running WebGoat.
 
Running a personal firewall may prevent WebGoat from operating correctly. Disable any personal firewall while running WebGoat.
  
From a browser, the Tomcat server can be accessed on localhost port 80, e.g. <u>http://127.0.0.1:8080</u>
+
From a browser, the Tomcat server can be accessed on localhost port 80, e.g. <u>http://127.0.0.1</u>
 
+
WebGoat resides in the WebGoat directory, and the lessons can be found at: <u>http://127.0.0.1:8080/WebGoat/attack</u>
+
 
+
+
[[Image:WebGoat Sign In Page.gif]]
+
  
 
WebGoat resides in the WebGoat directory, and the lessons can be found at: <u>http://127.0.0.1/WebGoat/attack</u>.  
 
WebGoat resides in the WebGoat directory, and the lessons can be found at: <u>http://127.0.0.1/WebGoat/attack</u>.  
  
 
The WebGoat application enforces role based security. A login dialog requests credentials. Login as userid=guest, password=guest.
 
The WebGoat application enforces role based security. A login dialog requests credentials. Login as userid=guest, password=guest.
 +
 +
[[Image:WebGoat Sign In Page.gif|none|thumb|300px|Figure 1. Sign In Page]]
  
 
After a successful login the Tomcat server will show the WebGoat welcome page.
 
After a successful login the Tomcat server will show the WebGoat welcome page.
 
   
 
   
[[Image:WebGoat Welcome Page.gif]]
+
[[Image:WebGoat Welcome Page.gif|none|Figure 2. Welcome Page]]
 
   
 
   
 
 
 
  
 
[[WebGoat User Guide Table of Contents]]
 
[[WebGoat User Guide Table of Contents]]
 
[[Category:OWASP WebGoat Project]]
 
[[Category:OWASP WebGoat Project]]

Latest revision as of 15:22, 28 February 2008

WebGoat User Guide Table of Contents


In order to start using WebGoat, Tomcat must be launched using the startup script/bat in the Tomcat bin directory. For WebGoat to operate it must have permission to run as a server and allow some uncommon web behavior. When WebGoat is running it will make the host machine vulnerable to attack.

If the machine is connected to the internet it should be disconnected.

Running a personal firewall may prevent WebGoat from operating correctly. Disable any personal firewall while running WebGoat.

From a browser, the Tomcat server can be accessed on localhost port 80, e.g. http://127.0.0.1

WebGoat resides in the WebGoat directory, and the lessons can be found at: http://127.0.0.1/WebGoat/attack.

The WebGoat application enforces role based security. A login dialog requests credentials. Login as userid=guest, password=guest.

Figure 1. Sign In Page

After a successful login the Tomcat server will show the WebGoat welcome page.

Figure 2. Welcome Page


WebGoat User Guide Table of Contents