WebGoat is an intentionally insecure web application designed by OWASP to teach web application security lessons. You can practice on your system by installing WebGoat. In detail “What is Webgoat?” We reviewed Webgoat in our article. For installation, we first download webgoat from the link below. We open the WebGoat-WASP_Standard file using the following command.
sudo p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z
Now we enter the Webgoat folder. You will need to start WebGoat as root.
We start Webgoat with the following command.
sh webgoat.sh start8080
We start your browser and go to http://localhost/webgoat/attack. You can login with the general username and password below.
User = guest,
Password = guest