# webgoat-vm

Play around with hacking a deliberately insecure web application.

This virtual machine setup for WebGoat 7.0 uses VagrantUP to download Ubuntu and install the Tomcat server and the WebGoat application. Within minutes of booting, it is ready for practicing penetration testing.

When the virtual machine boots, WebGoat and its dependencies are installed and ready to play with on:

http://127.0.0.1:50000/WebGoat

## Introduction

### What is WebGoat?

WebGoat is a deliberately insecure web application, maintained by OWASP, designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE (this page) or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

### What is VagrantUP?

VagrantUp is a pretty cool piece of virtualization software that allows you to spin up virtual machines from a command line and install software on them from a configuration file.

## Installation

### Prerequisites

You will need to install the following software:

  • git, to pull down the code from the GitHub code repository
  • VagrantUp
  • VirtualBox, a free, cross-platform consumer virtualization product

### Install WebGoat on a Virtual Machine

```
git clone https://github.com/jnyryan/webgoat-vm.git
cd webgoat-vm
vagrant up
```

## Usage

When Vagrant has run, WebGoat will be installed on a virtual machine and accessible through port 50000.

Go to the following URL to

http://127.0.0.1:50000/WebGoat

- Username: guest
- Password: guest
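
Because WebGoat is deliberately insecure, it is worth confirming that the forwarded port 50000 listens only on the host's loopback address. The following check is an added example, not part of the webgoat-vm repository; the function name and the sample listener lines are constructed for illustration, and it assumes `ss -ltn` style output on stdin.

```shell
#!/bin/sh
# Added example, not from the webgoat-vm repository.
# Classifies how the WebGoat forwarded port is exposed on the host by
# parsing `ss -ltn` output from stdin.
# Prints one of: loopback-only | exposed | not-listening

WEBGOAT_PORT=50000   # host port given in the README

classify_webgoat_listener() {
    port="${1:-$WEBGOAT_PORT}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            # Column 4 is the local address, e.g. 127.0.0.1:50000,
            # [::1]:50000 or *:50000; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            seen = 1
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!seen)        print "not-listening"
            else if (exposed) print "exposed"
            else              print "loopback-only"
        }'
}

# Constructed samples of `ss -ltn` output (not captured from a real host).
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      10     0.0.0.0:50000      0.0.0.0:*'
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      10     127.0.0.1:50000    0.0.0.0:*'

printf '%s\n' "$SAMPLE_EXPOSED" | classify_webgoat_listener
printf '%s\n' "$SAMPLE_LOCAL"   | classify_webgoat_listener
```

On a Linux host, run `ss -ltn | classify_webgoat_listener` after `vagrant up`. If it prints `exposed`, Vagrant's `host_ip: "127.0.0.1"` option on the `forwarded_port` setting binds the forward to loopback only.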

### Reset the Virtual Machine

The great thing about VagrantUP is that if you mess up, you can start again. Use the commands below to destroy the VM instance and re-provision it.

```
vagrant destroy
vagrant up
```

### Get Penetration Testing

All the instructions are there on the website, so after logging in, read the introduction and have a go at hacking the system. Happy hacking!
