Presentation is loading. Please wait.

Presentation is loading. Please wait.

OWASP WebGoat v5 <Presenter> 16 April 2010.

Published byΣάββας ĒΔανιήλ Αλεξόπουλος Modified over 5 years ago

Similar presentations

Presentation on theme: "OWASP WebGoat v5 <Presenter> 16 April 2010."— Presentation transcript:

1 OWASP WebGoat v5 <Presenter> 16 April 2010

2 What’s a WebGoat OWASP project with ~115,000 downloads Deliberately insecure Java EE web application Teaches common application vulnerabilities via a series of individual lessons

3 History of WebGoat Donated to OWASP by Aspect Security ~2002 Project Lead is Bruce Mayhew Started to receive outside contributions in 2005 v5 produced as AoC project

4 WebGoat Demonstrates Vulnerabilities
WebGoat uses “goatified” real world examples Cross site scripting SQL Injection Command Injection Forced Browsing Access Control Data, presentation, business, & environmental layers Authentication AJAX WebServices ….

5 Used by universities in security curriculum
Picking up Steam… Used by source code analysis and web application security scanning vendors for demos Used by universities in security curriculum Carnegie-Mellon Using WebGoat as open source project option University of Denver Wouldn’t it be great if students contributed lessons as part of their class projects!! OWASP Autumn 2006 and Spring of Code 2007 Projects Used by many companies as a training tool LOTS of s from user community

6 5.0 – Autumn of Code 2006 Release
What’s New in 5.X 5.0 – Autumn of Code 2006 Release Many new lessons AJAX, JSON, HTTP response splitting, CSRF, cache poisoning, log poisoning, XML & XPATH Injection, forced browsing 5.2 – current release Introduction and WebGoat instructions Multi Level Login Lesson Session Fixation Lesson Insecure Login Lesson Lesson Solution Videos Bug Report Feature

7 Create database schema common to all lessons
Roadmap Create database schema common to all lessons Convert lessons to a common theme HR System (WebGoat Financials) Online Banking or Video Store Make WebGoat more CBT like Teach application security, not just demonstate how to attack Convert lessons to JSPs for easier content editing

8 Demos – Lets go through some lessons!!

9 Questions and Answers Q & Q U E S T I O N S A N S W E R S A

Download ppt "OWASP WebGoat v5 <Presenter> 16 April 2010."

Similar presentations

Webgoat.

Webgoat.
Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.

Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.
CLS Process Variable Database By: Diony Medrano. CLS PV Database - Topics Background Design Constraints Design and Implementation Benefits and Future.

CLS Process Variable Database By: Diony Medrano. CLS PV Database - Topics Background Design Constraints Design and Implementation Benefits and Future.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Infosec 2012 | 25/4/12 Application Performance Monitoring Ofer MAOR CTO Infosec 2012.

Infosec 2012 | 25/4/12 Application Performance Monitoring Ofer MAOR CTO Infosec 2012.
SO YOU WANT TO BE A HACKER? Maybe not yet, but you will at the end of the hour!

SO YOU WANT TO BE A HACKER? Maybe not yet, but you will at the end of the hour!
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
OWASP WEBGOAT Alaa Darabseh Department of Computer Science

OWASP WEBGOAT Alaa Darabseh Department of Computer Science
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
Barracuda Web Application Firewall

Barracuda Web Application Firewall
The OWASP Foundation AppSec DC Learning by Breaking A New Project for Insecure Web Apps Chuck Willis Technical Director MANDIANT

The OWASP Foundation AppSec DC Learning by Breaking A New Project for Insecure Web Apps Chuck Willis Technical Director MANDIANT
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
The Jukebox Orian Paz & Yair Cleper Instructor: Viktor Kulikov Semester: Spring 2009 Final Presentation.

The Jukebox Orian Paz & Yair Cleper Instructor: Viktor Kulikov Semester: Spring 2009 Final Presentation.
Information Networking Security and Assurance Lab National Chung Cheng University WebGoat.

Information Networking Security and Assurance Lab National Chung Cheng University WebGoat.
Introduction to Web Application Security

Introduction to Web Application Security
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
OUCC 2015 Inspiring Innovation Presentation: Secure Web Apps via Language Security Checklists, Project Management Principles, and Cyclic App Pen Testing.

OUCC 2015 Inspiring Innovation Presentation: Secure Web Apps via Language Security Checklists, Project Management Principles, and Cyclic App Pen Testing.
What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt.

What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt.
Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Similar presentations

Ads by Google