Thursday, February 23, 2012

WebGoat - Learn Web Application Security Concepts

You have the whole web on which to learn and test your hacking skills, but you must not break the limits. Hacking should always be done to get some good out of it. I like the recent Google Chrome advertisement which says "The web is what you make out of it". This is a completely true statement.

WebGoat is a very interesting application, designed in "JSP and Servlets", that contains lots of practice lessons for hacking. The lessons cover all the basic and advanced techniques, with hints and solutions, and give you a very good understanding of real-time hacking. I feel that all beginners and even expert hackers should definitely give it a try, as there are lots of things to challenge every level of hacker.

In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

Why the name 'WebGoat'? Developers should not feel bad about not knowing security. Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the 'Goat!

WebGoat is written in Java and therefore installs on any platform with a Java virtual machine. There are installation programs for Linux, OS X Tiger and Windows. Once deployed, the user can go through the lessons and track their progress with the scorecard. There are currently over 30 lessons, including those dealing with the following issues:

  • Cross-site Scripting (XSS)
  • Access Control
  • Thread Safety
  • Hidden Form Field Manipulation
  • Parameter Manipulation
  • Weak Session Cookies
  • Blind SQL Injection 
  • Numeric SQL Injection
  • String SQL Injection
  • Web Services
  • Fail Open Authentication
  • Dangers of HTML Comments  
  • ... and many more!

The project is developed by OWASP and can be downloaded at this link -

>> OWASP-WebGoat

The installation and usage are simple, and you can find complete documentation at this link -

>> OWASP WebGoat Installation



Written by

Hello, my name is Ankit Bhandari. You can visit and learn ethical hacking from my blog. But all these hacking tricks are only for educational purposes. My blog and I will not be responsible for any wrong use of this. Enjoy it but never misuse it.




© 2014 Invisible Hackers. All rights Reserved. Designed by InvisibleHackers