This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP O2 Platform/WIKI/Using O2 on: WebGoat

Jump to: navigation, search

This page contains information about WebGoat and O2 can be used to find, exploit and mitigate its vulnerabilities

main links


what is the url for webgoat on your local host?

Once you start webgoat using the provided bat file you can open your browser and browse to: http://localhost/WebGoat/attack. Notice the capital 'W' and 'G' (login in as: user = guest, password = guest ). See also WebGoat Installation

go back to the main OWASP O2 Platform page