OWASP WebGoatPHP
WebGoatPHP is a port of WebGoat to PHP and MySQL/SQLite databases. The goal is to create an interactive teaching environment for web application security by offering lessons in the form of challenges. In each challenge the user must exploit the vulnerability to demonstrate their understanding.
GitHub Repo
What is WebGoatPHP
WebGoatPHP is a deliberately insecure web application developed using PHP to teach web application security. It offers a set of challenges based on various vulnerabilities listed in OWASP. The application is a realistic teaching environment and supports four different modes.
Why WebGoatPHP?
WebGoatPHP is suitable for:
- Web Developers, to learn how to develop secure web applications
- Penetration Testers, to learn the different kinds of attacking scenarios
- Teachers, to interactively teach students about web application security
Project leader
Abbas Naderi
|
Major Contributors
Different Operating Modes
- Single User Mode
- Workshop Mode
- Contest Mode
- Secure Coding Mode
Types Of Challenges
- Access Control Flaws
- AJAX Security
- Authentication Flaws
- Code Quality
- Injection Attacks
- Cross-Site Scripting(XSS) Attacks
- Brute Force Attacks
- Session Management Flaws
- Improper Error Handling
|
Quick Download
Website
http://webgoatphp.com/
News and Events
Classifications
|