
Difference between revisions of "WebGoatPHP"

From OWASP
(WebGoatPHP page bone structure)
 
Line 1: Line 1:
=Introduction=
+
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
WebGoatPHP is a contest environment / educational application to help contestants/learners understand information security in both defense/offense with lots of scenarios and an interactive enthusiastic approach.
+
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
http://webgoatphp.googlecode.com
+
==OWASP WebGoatPHP==
 +
WebGoatPHP is a port of WebGoat to PHP and MySQL/SQLite databases. The goal is to create an interactive teaching environment for web application security by offering lessons in the form of challenges. In each challenge the user must exploit the vulnerability to demonstrate their understanding.
  
'''Under development'''
+
[https://github.com/shivamdixit/WebGoatPHP GitHub Repo]
 +
 
 +
==What is WebGoatPHP==
 +
WebGoatPHP is a deliberately insecure web application developed using PHP to teach web application security. It offers a set of challenges based on various vulnerabilities listed in OWASP. The application is a realistic teaching environment and supports four different modes.
 +
 
 +
==Why WebGoatPHP?==
 +
WebGoatPHP is suitable for:
 +
 
 +
* Web Developers, to learn how to develop secure web applications
 +
* Penetration Testers, to learn the different kinds of attacking scenarios
 +
* Teachers, to interactively teach students about web application security
 +
 
 +
==Project leader==
 +
 
 +
[https://www.owasp.org/index.php/User:Abbas_Naderi Abbas Naderi]
 +
 
 +
| valign="top"  style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
==Major Contributors==
 +
*[[User:Johanna_Curiel|Johanna Curiel]]
 +
*[[User:Shivam_Dixit|Shivam Dixit]]
 +
 
 +
==Different Operating Modes==
 +
* Single User Mode
 +
* Workshop Mode
 +
* Contest Mode
 +
* Secure Coding Mode
 +
 
 +
==Types Of Challenges==
 +
* Access Control Flaws
 +
* AJAX Security
 +
* Authentication Flaws
 +
* Code Quality
 +
* Injection Attacks
 +
* Cross-Site Scripting(XSS) Attacks
 +
* Brute Force Attacks
 +
* Session Management Flaws
 +
* Improper Error Handling
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;" |
 +
 
 +
== Quick Download ==
 +
 
 +
* [https://github.com/shivamdixit/WebGoatPHP/archive/master.zip OWASP WebGoatPHP]
 +
 
 +
 
 +
== Website ==
 +
 
 +
http://webgoatphp.com/
 +
 
 +
== News and Events ==
 +
==Classifications==
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=:Category:OWASP_Project#tab=Terminology]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |}
 +
 
 +
|}
 +
 
 +
 
 +
__NOTOC__ <headertabs />
 +
 
 +
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] [[Category:OWASP_Download]]
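Review bot: The "== News and Events ==" heading in the third table cell has no body and is followed directly by "==Classifications==", so the rendered page shows an empty section; add a placeholder line under it or drop the heading until there is something to list. The same cell also mixes heading spacing ("== Quick Download ==" and "== Website ==" with inner spaces, "==Classifications==" without), which is worth making consistent with the rest of the page.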

Revision as of 08:51, 28 June 2014

OWASP WebGoatPHP

WebGoatPHP is a port of WebGoat to PHP and MySQL/SQLite databases. The goal is to create an interactive teaching environment for web application security by offering lessons in the form of challenges. In each challenge the user must exploit the vulnerability to demonstrate their understanding.

GitHub Repo

What is WebGoatPHP

WebGoatPHP is a deliberately insecure web application developed using PHP to teach web application security. It offers a set of challenges based on various vulnerabilities listed in OWASP. The application is a realistic teaching environment and supports four different modes.

Why WebGoatPHP?

WebGoatPHP is suitable for:

  • Web Developers, to learn how to develop secure web applications
  • Penetration Testers, to learn the different kinds of attacking scenarios
  • Teachers, to interactively teach students about web application security

Project leader

Abbas Naderi

Major Contributors

Different Operating Modes

  • Single User Mode
  • Workshop Mode
  • Contest Mode
  • Secure Coding Mode

Types Of Challenges

  • Access Control Flaws
  • AJAX Security
  • Authentication Flaws
  • Code Quality
  • Injection Attacks
  • Cross-Site Scripting (XSS) Attacks
  • Brute Force Attacks
  • Session Management Flaws
  • Improper Error Handling


Quick Download


Website

http://webgoatphp.com/

News and Events

Classifications

  • OWASP Incubator project
  • Builders
  • Defenders
  • License: Creative Commons BY-SA 3.0