Older installation instructions for WebGoat and WebScarab,
specifically for the terminal rooms in Huygens
To install WebGoat
- the Tomcat server in WebGoat does not seem to work on
Java 8, so use Java 7 instead.
- For starting WebGoat 5.4 on Linux, webgoat.sh has to be
edited so that it
doesn't execute the is_java_1dor5() check, for example by
28. Also, the JAVA_HOME environment variable will need to be
set to the
There is lots of additional info on installation and use at the
WebGoat 5.4 and WebScarab websites, but you shouldn't need that.
- using your own laptop or PC:
follow the instructions of our manual
of WebGoat and WebScarab on how to install and use the
The link to download WebGoat 5.4 (https://webgoat.googlecode.com/files/WebGoat-5.4-OWASP_Standard_Win32.zip)
- in HG00.075 and other faculty terminal rooms:
WebGoat are WebScarab in the cursus drive,
which is automatically mounted if you start Windows 7.
Go to Start > Computer and then to cursus (T:) > SWS2014
There you will find a README.txt with the instructions below:
Use the browser Chrome or Firefox with these tools, Internet Explorer 8 will not work.
- Copy the directories WebGoat-5.4 and WebScarab to the local C: or D: disk
(not to the Desktop)
- To run WebGoat: open D:\WebGoat-5.4\webgoat_8080
- To run WebScarab: open WebScarab\webscarab
For instructions on how to configure your browser and
of WebGoat and WebScarab:
(on page 4 and 7; you can skip all the other installation instructions).
Starting everything up after the installation
To keep an overview with all the tools and installation
instructions above: once everything is installed, you have to
and you should be ready to start on the exercises.
- start Webgoat,
- start WebScarab,
- start your browser - Firefox or Chrome, and
- configure the network connection settings to use localhost port 8008 as a proxy,
- surf to http://localhost/WebGoat/attack or http://localhost:8080/WebGoat/attack and login
guest with password guest.