- August 6, 2013
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can take the proper precautions and implement effective software security strategies.
The WebGoat Project provides a platform for eager new security professionals to gain hands-on experience with fundamental security vulnerabilities. It is written in the Java language (J2EE) so it can be installed on a wide spectrum of devices. It features different topics that have levels you can work your way through. There is even a scorecard that tracks your progress as you learn and build your security skills. There are over 30 issues ranging from Cross-site Scripting (XSS) to various SQL Injection methods and HTML manipulation.
The primary goal of the WebGoat project is simple: create a de facto interactive teaching environment for web application security. In the future, the project team hopes to extend WebGoat into a security benchmarking platform and a Java-based Web site Honeypot.
You can get started using WebGoat by clicking this link. The User Guide takes you through the steps of getting WebGoat installed on your machine and starting your first lessons in cyber-security.
Why the name “WebGoat”? Developers should not feel bad about not knowing security. Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the ‘Goat!