What is WebGoat and How to set up WebGoat in Linux?
What is WebGoat?
WebGoat is an intentionally vulnerable web application which is maintained by OWASP. The aim of WebGoat is to teach web application security issues. This vulnerable web application demonstrates how to exploit common server-side flaws. WebGoat helps to test vulnerabilities commonly found in Java-based applications that use common and popular open source components.
How to set up WebGoat?
Here, I'm discussing how to set up WebGoat on a Linux OS (I prefer Kali Linux). Before setting up WebGoat, we have to update and upgrade the Linux machine, so let's do that first.
The commands to update and upgrade are:
- sudo apt-get update
- sudo apt-get upgrade
- sudo apt-get dist-upgrade
Let's jump to WebGoat now. First we need to visit the OWASP WebGoat website.
Then click Standalone Jars.
This will redirect you to the GitHub page of WebGoat. From there, we have to download the latest version of WebGoat.
Scroll down a little and you will see a section called Assets. From there, download the latest version of WebGoat Server.
After the download completes, change the directory to Downloads and run the command listed below to start the WebGoat Server.
sudo java -Dfile.encoding=UTF-8 -Dwebgoat.port=53666 -Dwebwolf.port=9090 -jar webgoat-server-8.2.2.jar
Here, we can see the command has started to execute. It might take 2–3 minutes to complete. When it's done, it'll show output like this:
This clearly says the web server has started and that it is hosted on localhost with the path /WebGoat. So now we have to visit the locally hosted WebGoat page in our browser.
After visiting, it'll show a page like this:
Click Register new user.
Enter the user details and also read the Terms of use; it is important. Then click Sign up. This will redirect to the WebGoat homepage.
So we have successfully installed WebGoat.
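Because WebGoat is intentionally vulnerable, it is worth confirming that the two ports from the command above (53666 and 9090) are only listening on the loopback interface once the server is up. The script below is an added example, not part of the original post: it parses `ss -ltn` output and prints any listener on those ports that is bound to a non-loopback address. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Ports taken from the java command on this page.
WEBGOAT_PORTS="53666 9090"

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      100        127.0.0.1:53666      0.0.0.0:*
LISTEN 0      100                *:9090             *:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
EOF
}

# exposed_listeners "PORT PORT ..."
# Reads `ss -ltn` output on stdin and prints the local address:port of
# every listener on one of the given ports that is NOT bound to loopback.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            laddr = $4
            port = laddr; sub(/^.*:/, "", port)     # text after the last colon
            addr = laddr; sub(/:[^:]*$/, "", addr)  # text before the last colon
            if (!(port in want)) next               # not one of the WebGoat ports
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are local-only
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print laddr                             # wildcard or routable address
        }'
}

# Run against the constructed sample; on a live machine use:
#   ss -ltn | exposed_listeners "$WEBGOAT_PORTS"
exposed=$(sample_ss_output | exposed_listeners "$WEBGOAT_PORTS")
if [ -n "$exposed" ]; then
    echo "Reachable from the network: $exposed"
else
    echo "WebGoat ports are loopback-only"
fi
```

An empty result on the live machine means neither port is reachable from other hosts; any printed line is a listener to rebind or firewall before using the lab.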