WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson. For downloads and more information, visit the WebGoat homepage.
- #122, new!
- Latest release
- 5.3 RC1
- Nov. 1, 2009 (12 years, 7 months ago)
- ★★★★★ (1)
★★★★★100% ★★★★0% ★★★0% ★★0% ★0%