This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Autumn of Code 2006 - Projects: Web Goat
AoC Candidate: Sherif
Project Coordinator: Jeff Williams
Project Progress: xx% Complete - Progress Page
Background and Motivation
History Behind Project WebGoat is a teaching tool designed to teach web application security lessons. Each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the application. Why the name "WebGoat"? Developers should not feel bad about not knowing security. Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the 'Goat
Problem to be Addressed
WebGoat needs to be updated with more lessons. Since there are some attacks that are not covered in the current set of classes like HTTP splitting and AJAX attacks.
Also, there are uncompleted lessons which does not make the product look professional enough for OWASP users. Some lesson plans also needs
Benefit to OWASP Members and Community
Goals and Deliverables
Plan of Approach
Deliverables
Risks and Rewards
Main Risks
Rewards of Successful Project