Information Networking Security and Assurance Lab National Chung Cheng University WebGoat
Contents: Overview; Environment; Install Required Software; Install WebGoat; Getting Started; Usage of WebGoat; Example
Overview: Illustrate Typical Security Flaws within Web-Applications; Teach a Structured Approach to Testing and Exploiting; Give Practical Training and Examples
Environment: OS (Red Hat Linux 7.3); Required Software (Java Development Kit, Apache Ant, Tomcat)
Install Required Software: Java 2 SDK, Standard Edition 1.4.2_04
Install Required Software (cont.): Unpacking the Package
Install Required Software (cont.): Installing JDK RPM Package
Install Required Software: Downloading Apache ANT
Install Required Software (cont.): Unpacking the Package
Install Required Software (cont.): Building and Installing Apache Ant
Install Required Software (cont.): Downloading Tomcat 5
Install Required Software (cont.): Uncompressing the Package
Install Required Software (cont.): Building All Components of Tomcat 5
Install Required Software (cont.): Running Tomcat 5
Install Required Software (cont.): Testing Tomcat 5
Install WebGoat: Download WebGoat Source Distribution
Install WebGoat (cont.): Put catalina-ant.jar into /usr/local/ant/lib
Install WebGoat (cont.): Unpacking the WebGoat src Distribution
Install WebGoat (cont.): Modify catalina.home property in build.xml to specify tomcat installation directory
Install WebGoat (cont.): Add to the tomcat_home/conf/tomcat-users.xml file
Install WebGoat (cont.): Uncomment the invoker mapping in web.xml
Install WebGoat (cont.): Starting the Compile
Install WebGoat (cont.): Create a New WebGoat.war File
Install WebGoat (cont.): Installing WebGoat
Getting Started: Running Tomcat 5 and Trying
Usage of WebGoat: Lesson Plans
Lesson Plans: Http Basics; How to Perform Database Cross Site Scripting (XSS); How to Spoof an Authentication Cookie; How to Exploit Hidden Fields; How to Discover Clues in the HTML; How to Perform Parameter Injection; How to Perform SQL Injection; How to Exploit Thread Safety Problems; How to Exploit Unchecked; How to Spoof an Authentication Cookie; Putting it all together
Lesson Plans (cont.)
Example: SQL Injection
Example: SQL Injection (cont.)