This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "WebGoatPHP"
Abbas Naderi (talk | contribs) (WebGoatPHP page bone structure) |
Abbas Naderi (talk | contribs) (→Project Leader: added Shivam name to the leaders list.) (Tag: Visual edit) |
||
(16 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
− | = | + | <!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --> |
− | + | <div style="width:100%;height:200px;border:0,margin:0;overflow: hidden;">[[Image:OWASP_Project_Header.jpg]] </div> | |
− | + | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | |
+ | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | ||
− | + | ==OWASP WebGoatPHP== | |
+ | WebGoatPHP is a port of WebGoat to PHP and MySQL/SQLite databases. The goal is to create an interactive teaching environment for web application security by offering lessons in the form of challenges. In each challenge the user must exploit the vulnerability to demonstrate their understanding. | ||
+ | |||
+ | [https://github.com/OWASP/OWASPWebGoatPHP GitHub Repo] | ||
+ | |||
+ | ==What is WebGoatPHP== | ||
+ | WebGoatPHP is a deliberately insecure web application developed using PHP to teach web application security. It offers a set of challenges based on various vulnerabilities listed in OWASP. The application is a realistic teaching environment and supports four different modes. | ||
+ | |||
+ | ==Why WebGoatPHP?== | ||
+ | WebGoatPHP is suitable for: | ||
+ | |||
+ | * Web Developers, to learn how to develop secure web applications | ||
+ | * Penetration Testers, to learn the different kinds of attacking scenarios | ||
+ | * Teachers, to interactively teach students about web application security | ||
+ | |||
+ | ==Contribute== | ||
+ | To contribute, fork the code on [https://github.com/shivamdixit/WebGoatPHP GitHub] and send a pull request. | ||
+ | Join the discussion on our [https://lists.owasp.org/mailman/listinfo/owasp_webgoatphp mailing list] | ||
+ | |||
+ | | valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" | | ||
+ | |||
+ | ==Different Operating Modes== | ||
+ | * Single User Mode | ||
+ | * Workshop Mode | ||
+ | * Contest Mode | ||
+ | * Secure Coding Mode | ||
+ | |||
+ | ==Types Of Challenges== | ||
+ | * Access Control Flaws | ||
+ | * AJAX Security | ||
+ | * Authentication Flaws | ||
+ | * Code Quality | ||
+ | * Injection Attacks | ||
+ | * Cross-Site Scripting(XSS) Attacks | ||
+ | * Brute Force Attacks | ||
+ | * Session Management Flaws | ||
+ | * Improper Error Handling | ||
+ | |||
+ | ==Major Contributors== | ||
+ | *[[User:Shivam_Dixit|Shivam Dixit]] | ||
+ | *[[User:Johanna_Curiel|Johanna Curiel]] | ||
+ | *[[User:Azzeddine_RAMRAMI|Azzeddine]] | ||
+ | |||
+ | | valign="top" style="padding-left:25px;width:200px;" | | ||
+ | |||
+ | ==Project Leader== | ||
+ | |||
+ | *[[User:Abbas_Naderi|Abbas Naderi]] | ||
+ | *[[User:Shivam_Dixit|Shivam Dixit]] | ||
+ | |||
+ | == Quick Download == | ||
+ | |||
+ | * [https://github.com/shivamdixit/WebGoatPHP/archive/master.zip OWASP WebGoatPHP] | ||
+ | |||
+ | |||
+ | == News and Events == | ||
+ | * Post issues in CodeBounty.com for fixing | ||
+ | *Project adoption and kick off February 2016 | ||
+ | |||
+ | ==Classifications== | ||
+ | {| width="200" cellpadding="2" | ||
+ | |- | ||
+ | | rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=:Category:OWASP_Project#tab=Terminology]] | ||
+ | | align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] | ||
+ | |- | ||
+ | | align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]] | ||
+ | |- | ||
+ | | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] | ||
+ | |} | ||
+ | |||
+ | |} | ||
+ | |||
+ | __NOTOC__ <headertabs /> | ||
+ | |||
+ | [[Category:OWASP Project]] | ||
+ | [[Category:OWASP_Builders]] | ||
+ | [[Category:OWASP_Defenders]] | ||
+ | [[Category:OWASP_Document]] | ||
+ | [[Category:OWASP_Download]] |
Latest revision as of 21:52, 13 June 2018
OWASP WebGoatPHPWebGoatPHP is a port of WebGoat to PHP and MySQL/SQLite databases. The goal is to create an interactive teaching environment for web application security by offering lessons in the form of challenges. In each challenge the user must exploit the vulnerability to demonstrate their understanding. What is WebGoatPHPWebGoatPHP is a deliberately insecure web application developed using PHP to teach web application security. It offers a set of challenges based on various vulnerabilities listed in OWASP. The application is a realistic teaching environment and supports four different modes. Why WebGoatPHP?WebGoatPHP is suitable for:
ContributeTo contribute, fork the code on GitHub and send a pull request. Join the discussion on our mailing list |
Different Operating Modes
Types Of Challenges
Major Contributors |
Project LeaderQuick Download
News and Events
Classifications |