This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP/Training/OWASP WebGoat Project

Jump to: navigation, search
OWASP WebGoat Project
Overview & Goal
Web Goat is a deliberately insecure J2EE web application to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson. The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security.
Contents Materials
WebGoat is written in Java and therefore installs on any platform with a Java virtual machine. Once deployed, the user can go through the lessons and track their progress with the scorecard. There are currently over 30 lessons, including those dealing with the following issues:


Web Goat Presentation