This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP WebGoat Project Roadmap
From OWASP
<webgoat/>The project's overall goal is to...
Be the defacto standard web application security training environment
In the near term, we are focused on the following tactical goals...
- Demonstrate most common web application security vulnerabilities
- Add educational support for secure coding practices
- Enhance enterprise lesson tracking
- Attract more contributions of lessons
- Revisit existing lesson base to standardize lesson theme.
- Increase ease-of-use and expand user base
Here are the current tasks defined to help us achieve these goals
Architectural
- Replace basic authentication with forms based authentication
- Rewrite all lessons to follow common theme using common database
- Rewrite user administration to allow better user management (non-hackable)
- Fix Logoff
- Defuse all lessons to disallow inadvertent harm to user's OS
General
- General security cleanup. Remove exploits that are not lesson specific
- Remove non working lessons
New Lessons
- Server side forward allows access to WEB-INF resources
- Account enumeration using webscarab
- SQLException lesson - could tie into overall error handling
- XML attacks - Entity recursion, ...
For more information contact Bruce Mayhew at webgoat at owasp dot org
