Web Security

WebGoat 8

WebGoat is a web application that is deliberately vulnerable, to try out how such vulnerabilities can be exploited. It runs as a web application on the Apache Tomcat web server; Apache Tomcat is included when you download and install WebGoat. It uses Java, so if you don't have that, install that first.

To install WebGoat on your own laptop

Follow the Standalone instructions on github.

NB it is better to start WebGoat from the command line, with

    java -jar webgoat-server-8.0.0.M21.jar
and not by double-clicking the jar, because on the command line you can then see if WebGoat fails to start or crashes for some reason.


More info about WebGoat on the OWASP WebGoat site. There is also a WebGoat FAQ on github.