WebGoat Logo

WebGoat

0
Free
1 saves
Updated 14 August 2025
Visit Website

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques. WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat's default configuration binds to localhost to minimize the exposure. WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim. Installation instructions: For more details check the Contribution guide 1. Run using Docker Already have a browser and ZAP and/or Burp installed on your machine in this case you can run the WebGoat image directly using Docker. Every release is a

FEATURES

SIMILAR TOOLS

Blue-team capture the flag competition for improving cybersecurity skills.

CloudGoat is a 'Vulnerable by Design' AWS deployment tool for honing cloud cybersecurity skills through 'capture-the-flag' style scenarios.

A wargame that challenges your hacking skills

A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.

An article in Phrack Magazine discussing the creation of shellcode for StrongARM/Linux architecture.

Research project on bypassing default Falco ruleset with Dockerfile for sshayb/fuber:latest image.

A newsletter service that tracks and reports weekly changes in detection engineering rules and updates across multiple GitHub repositories.

A compilation of Red Teaming resources including cheatsheets, notes, scripts, and practice platforms for cybersecurity learning and skill development.

A comprehensive cybersecurity resource for learning and education

CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved