Web Penetration Lab Setup using Webgoat in kali Linux

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat. There are other ‘goats’ such as WebGoat for .Net. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application aims to provide a realistic teaching environment, providing users with hints and code to further explain the lesson.

First Download webgoat from here and Unzip the WebGoat-OWASP_Standard using following command

p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z

Now goto webgoat folder now you will need to start/stop WebGoat as root

Sh webgoat.sh start8080

Start your browser and browse to http://localhost/webgoat/attack

Login in as:

user = guest,

password = guest

Leave a Reply

Your email address will not be published. Required fields are marked *