This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Revision as of 16:37, 6 July 2016 by Rap Payne (talk | contribs) (Installation Instructions)

Jump to: navigation, search

This page is part of the OWASP WebGoat Project.

WebGoat for .Net is OWASP's intentionally insecure website created so that web developers can practice hardening their own websites.

WebGoat for .Net uses:

  • Visual Studio 2010
  • ASP.NET WebForms
  • C#
  • SQL Server Express
  • Entity Framework 4.1 Code First


WebGoat for .Net can be downloaded on GitHub.

Installation Instructions

  1. Download the project as a zip file here.
  2. Unzip it
  3. Open the Solution in Visual Studion 2015. You can do this by double-clicking on the WebGoat.Net.sln file.
  4. Hit F5 to begin running it.

If you have problems, send a tweet to @Rap_Payne with a hashtag of #WebGoat.Net

Project Contributors

If you are interested in contributing to WebGoat for .Net or have a comment, question, or suggestion, please contact Rap Payne.

The WebGoat for .Net project was written by Rap Payne. He can be contacted at RapPayne AT Rap is available to provide training on web application security and .Net web development.