Launching Visual Studio
If nothing happens, download the gocnhintangphat.com extension for Visual Studio and try again.
Đang xem: Webgoat là gì về bảo mật? cài Đặt webgoat Để học security testing
Go back
IntroductionWebGoat is a deliberately insecure web application maintained by OWASP designed to teach webapplication security lessons.
This program is a demonstration of common server-side application flaws. Theexercises are intended to be used by people to learn about application security andpenetration testing techniques.
WARNING 1: While running this program your machine will be extremelyvulnerable to attack. You should disconnect from the Internet while usingthis program. WebGoat”s default configuration binds to localhost to minimizethe exposure.
WARNING 2: This program is for educational purposes only. If you attemptthese techniques without authorization, you are very likely to get caught. Ifyou are caught engaging in unauthorized hacking, most companies will fire you.Claiming that you were doing security research will not work as that is thefirst thing that all hackers claim.
Installation Instructions:
1. Run using Docker
Every release is also published on DockerHub.
Xem thêm: Tuyệt Chủng Là Gì – 15 Loài Nguy Cấp Nhất Hành Tinh
Using docker run
The easiest way to start WebGoat as a Docker container is to use the all-in-one docker container. This is a docker image that has WebGoat and WebWolf running inside.
docker run -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf
WebGoat will be located at: http://127.0.0.1:8080/WebGoatWebWolf will be located at: http://127.0.0.1:9090/WebWolf
Important: Choose the correct timezone, so that the docker container and your host are in the same timezone. As it is important for the validity of JWT tokens used in certain exercises.
2. Standalone
Download the latest WebGoat and WebWolf release from https://gocnhintangphat.com/WebGoat/WebGoat/releases
java -jar webgoat-server-8.1.0.jar <--server.port=8080> <--server.address=localhost>java -jar webwolf-8.1.0.jar <--server.port=9090> <--server.address=localhost>
The latest version of WebGoat needs Java 15 or above. By default, WebGoat and Webwolf start on port 8080, 9000 and 9090 with the environment variable WEBGOAT_PORT, WEBGOAT_HSQLPORT and WEBWOLF_PORT you can set different values.
export WEBGOAT_PORT=18080export WEBGOAT_HSQLPORT=19001export WEBWOLF_PORT=19090java -jar webgoat-server-8.1.0.jarjava -jar webwolf-8.1.0.jar
Use set instead of export if you”re using Windows cmd.
3. Run from the sources
Prerequisites:
Java 15Maven > 3.2.1Your favorite IDEGit, or Git support in your IDEOpen a command shell/window:
git clone git
gocnhintangphat.com:WebGoat/WebGoat.git
Now let”s start by compiling the project.
cd WebGoatgit checkout branch_name>>mvn clean install
Now we are ready to run the project. WebGoat 8.x is using Spring-Boot.
Xem thêm: ” Sole Trader Là Gì ? Nghĩa Của Từ Sole Proprietorship Trong Tiếng Việt
mvn -pl webgoat-server spring-boot:run
… you should be running webgoat on localhost:8080/WebGoat momentarily
To change the IP address add the following variable to the WebGoat/webgoat-container/src/main/resources/application.properties file:
server.address=x.x.x.x
4. Run with custom menu
For specialist only. There is a way to set up WebGoat with a personalized menu. You can leave out some menu categories or individual lessons by setting certain environment variables.
For instance running as a jar on a Linux/macOS it will look like this:
export EXCLUDE_CATEGORIES=”CLIENT_SIDE,GENERAL,CHALLENGE”export EXCLUDE_LESSONS=”SqlInjectionAdvanced,SqlInjectionMitigations”java -jar webgoat-server/target/webgoat-server-v8.2.0-SNAPSHOT.jar
Or in a docker run it would (once this version is pushed into docker hub) look like this: