Webgoat

WebgoatBlame it on the Goat!

Run through and solve all exercises This part is broken up into 2-3 1 hour blocks http://xx.xx.xx.xx/WebGoat/attack

WebgoatGeneral

HTTP Basics Thread Safety

WebgoatCode Quality

HTML Clues

WebgoatUnvalidated Parameters

Hidden Field Tampering Unchecked Email JavaScript Validation

WebgoatBroken Access Control

Remote Admin Access Path Based Access Control Role Based Access Control

WebgoatBroken Authentication and Session Management

Forgot Password (N/A) Predictable Session Identifier Weak Authentication Cookie Basic Authentication

WebgoatCross-Site Scripting (XSS)

Stored XSS Reflected XSS

WebgoatBuffer Overflows

Buffer Overflow (N/A)

WebgoatInjection Flaws

Parameter Injection (N/A) Command Injection Numeric SQL Injection Blind SQL Injection String SQL Injection

WebgoatImproper Error Handling

Fail Open Authentication

WebgoatInsecure Storage

Encoding Basics

WebgoatDenial of Service

DOS Multiple Login

WebgoatInsecure Configuration Management

Forced Browsing (N/A)

WebgoatWeb Services

Soap Request WSDL Scanning Web Service SQL Injection

WebgoatChallenge

Start Challenge!

?