Installing WebGoat in BackTrack

WebGoat is a deliberately insecure J2EE web application, maintained by OWASP and designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

1. Before installing, first download WebGoat from this link.
2. The archive is in 7zip format, so install p7zip to extract it:
    apt-get install p7zip
3. Now extract the WebGoat archive:
    p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z
4. Once the extraction has completed, go into the extracted folder:
    cd WebGoat-OWASP_Standard-5.3_RC1
5. Make webgoat.sh executable with this command:
    chmod +x webgoat.sh
6. WebGoat needs openjdk-6-jre and openjdk-6-jdk to run; install them with the following command:
    apt-get install openjdk-6-jre openjdk-6-jdk
7. After installation, WebGoat is ready to run on port 80 or 8080 with one of these commands:
    ./webgoat.sh start80
   or
    ./webgoat.sh start8080


Now we can open WebGoat in a browser at this URL: http://127.0.0.1/webgoat/attack
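
Because WebGoat is deliberately insecure, it is worth confirming after step 7 that ports 80 and 8080 listen only on the loopback address used in the URL above. The script below is an added example, not part of the original post; its function names and the sample `netstat -tln` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag WebGoat listeners that are reachable beyond loopback.
# Ports are the two the post starts WebGoat on (start80 / start8080).
WEBGOAT_PORTS="80 8080"

# Reads `netstat -tln` text on stdin and prints the local address of every
# listening TCP socket on a WebGoat port that is not bound to loopback.
exposed_listeners() {
    awk -v ports="$WEBGOAT_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in want)) next
            # Loopback, including the IPv4-mapped form some netstat builds print.
            if (addr ~ /^(::ffff:)?127\./ || addr == "::1") next
            print $4
        }'
}

# Returns 0 when nothing is exposed, 1 (with a report on stderr) otherwise.
check_exposure() {
    found=$(exposed_listeners)
    [ -z "$found" ] && return 0
    printf 'WebGoat port bound to a non-loopback address:\n%s\n' "$found" >&2
    return 1
}

# Constructed sample of `netstat -tln` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
EOF
}

# Demo on the sample; on a live system use: netstat -tln | check_exposure
sample_netstat | exposed_listeners
```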


For more information about WebGoat, please visit the OWASP WebGoat Project.
