WebGoat Logo

WebGoat

0
Free
Visit Website

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques. WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat's default configuration binds to localhost to minimize the exposure. WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim. Installation instructions: For more details check the Contribution guide 1. Run using Docker Already have a browser and ZAP and/or Burp installed on your machine in this case you can run the WebGoat image directly using Docker. Every release is a

FEATURES

ALTERNATIVES

Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.

Collection of industry and community cybersecurity courses and materials by M. E. Kabay.

A collection of reports and resources highlighting Android security vulnerabilities and best practices.

Best practices for corporate network segmentation to protect against basic targeted attacks

A comprehensive list of search filters for the SHODAN search engine.

Research project on bypassing default Falco ruleset with Dockerfile for sshayb/fuber:latest image.

A blog post discussing the differences between Solaris Zones, BSD Jails, VMs, and containers, with the author arguing that containers are not a real thing.

A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.