Home page logo


WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson. For downloads and more information, visit the WebGoat homepage.

Popularity #122, new!
Rating ★★★★★ (1)
Latest release 5.3 RC1
Nov. 1, 2009
(11 years, 11 months ago)


★★★★★ devman

Great way to learn about web vulnerabilities. All of the OWASP T10 are included and yo u can learn in a fun way. +1

Comments disabled

Feed for updates.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]