What is WebGoat in security? Installing WebGoat to learn security testing

Introduction

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.

This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.

WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat's default configuration binds to localhost to minimize the exposure.

WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.

Installation Instructions:

1. Run using Docker

Every release is also published on DockerHub.


Using docker run

The easiest way to start WebGoat as a Docker container is to use the all-in-one docker container. This is a docker image that has WebGoat & WebWolf running inside.


docker run -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf
WebGoat will be located at: http://127.0.0.1:8080/WebGoat
WebWolf will be located at: http://127.0.0.1:9090/WebWolf

Important: Choose the correct timezone, so that the Docker container and your host are in the same timezone. This is important for the validity of JWT tokens used in certain exercises.
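WARNING 1 depends on the 127.0.0.1: prefix in the -p options above: by default Docker publishes a port given without a host address on all interfaces. The following check for that prefix is an added example, not part of the WebGoat project; the function names publish_scope and check_run_args and the second sample command are constructed for illustration.

```shell
#!/bin/sh
# Added example (not WebGoat project code): flag docker run publish options
# that would expose WebGoat/WebWolf beyond the loopback interface.

# publish_scope SPEC -> prints loopback, all-interfaces or specific:<ip>
publish_scope() {
    s=${1%/*}                          # drop an optional /tcp or /udp suffix
    case $s in
        \[*\]:*) h=${s%%\]*}; h=${h#\[} ;;   # [ipv6]:hostPort:containerPort
        *:*:*)   h=${s%%:*} ;;               # ip:hostPort:containerPort
        *)       h= ;;                       # hostPort:containerPort or port only
    esac
    case $h in
        127.*|::1)     echo loopback ;;
        ""|0.0.0.0|::) echo all-interfaces ;;
        *)             echo "specific:$h" ;;
    esac
}

# check_run_args ARGS... -> returns 0 only if every published port is loopback-only
check_run_args() {
    rc=0
    while [ $# -gt 0 ]; do
        arg=$1; shift
        case $arg in
            -p|--publish) [ $# -gt 0 ] || break; pub=$1; shift ;;
            --publish=*)  pub=${arg#--publish=} ;;
            -p?*)         pub=${arg#-p} ;;
            -P|--publish-all)
                echo "WARN $arg: publishes every exposed port on all interfaces"
                rc=1; continue ;;
            *)            continue ;;
        esac
        scope=$(publish_scope "$pub")
        if [ "$scope" = loopback ]; then
            echo "OK   $pub"
        else
            echo "WARN $pub ($scope): reachable from other hosts"
            rc=1
        fi
    done
    return $rc
}

# The command from this page, then a constructed variant without the prefix.
check_run_args run -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 \
    -e TZ=Europe/Amsterdam webgoat/goatandwolf
check_run_args run -p 8080:8080 -p 9090:9090 webgoat/goatandwolf \
    || echo "exposed: add the 127.0.0.1: prefix before starting the container"
```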

2. Standalone

Download the latest WebGoat and WebWolf release from https://github.com/WebGoat/WebGoat/releases


java -jar webgoat-server-8.1.0.jar [--server.port=8080] [--server.address=localhost]
java -jar webwolf-8.1.0.jar [--server.port=9090] [--server.address=localhost]

The latest version of WebGoat needs Java 15 or above. By default, WebGoat and WebWolf start on port 8080, 9000 and 9090. With the environment variables WEBGOAT_PORT, WEBGOAT_HSQLPORT and WEBWOLF_PORT you can set different values.


export WEBGOAT_PORT=18080
export WEBGOAT_HSQLPORT=19001
export WEBWOLF_PORT=19090
java -jar webgoat-server-8.1.0.jar
java -jar webwolf-8.1.0.jar

Use set instead of export if you're using Windows cmd.

3. Run from the sources

Prerequisites:

- Java 15
- Maven > 3.2.1
- Your favorite IDE
- Git, or Git support in your IDE

Open a command shell/window:


git clone git@github.com:WebGoat/WebGoat.git

Now let's start by compiling the project.


cd WebGoat
git checkout <branch_name>
mvn clean install

Now we are ready to run the project. WebGoat 8.x is using Spring-Boot.


mvn -pl webgoat-server spring-boot:run
... you should be running webgoat on localhost:8080/WebGoat momentarily

To change the IP address add the following variable to the WebGoat/webgoat-container/src/main/resources/application.properties file:

server.address=x.x.x.x

4. Run with custom menu

For specialists only. There is a way to set up WebGoat with a personalized menu. You can leave out some menu categories or individual lessons by setting certain environment variables.

For instance, running as a jar on Linux/macOS it will look like this:


export EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE"
export EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations"
java -jar webgoat-server/target/webgoat-server-v8.2.0-SNAPSHOT.jar

Or in a docker run it would (once this version is pushed into Docker Hub) look like this: