OWASP WebGoat V2 - beta 1 (Java)

Learning about web application security is sometimes hard. Whilst most people have a copy of Linux or Windows NT running at home, very few of us have the ability to have an Internet book store to play with in the evenings. Not only that there are times when security professionals want to be able to test tools against a known vulnerable platform to ensure they perform as advertised. And all of this needs to happen in a safe, legal environment, your own !

The WebGoat project are setting out to change that. This project has created an application that will serve as;

• An Interactive Learning Environment for Web Application Security
• A Testing Platform & Benchmark for Security Tools
• A Web Application "Honey Pot"
  *
  Why the name WebGoat ? ScapeGoat, get it. Just blame it on the Goat !

WebGoat was created and developed by Jeff Williams and Bruce Mayhew of Aspect Security, a provider of J2EE and .NET security services. They clearly know their stuff !

WebGoat is based on the concept of teaching a user a real world lesson and then asking them to demonstrate their understanding by exploiting a real vulnerability on the local system. The system is even clever enough to provide hints and show the user cookies, parameters and the underlying Java code if they turn the option on.

Users can easily add their own interactive lessons and we encourage people to write lessons and submit them to us for inclusion in the release files.

This beta release will coninue to be refined before the final 2.0 release before the ed of the year but as this is a significant step forward from Version 1.0 we wanted to release it now.

WebGoat is written in Java and requires J2SDK1.4 and a servlet container. It will run on any platform with JVM support so Linux and Win32, MacOS, OS-X etc It has been tested on Apache Tomcat.

You can download the beta code and see screenshots at http://www.owasp.org/webgoat/

-- 
Mark Curphey 

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek