WebApp Sec mailing list archives

OWASP WebGoat V2 - beta 1 (Java)


From: Mark Curphey <mark () curphey com>
Date: 18 Nov 2002 22:49:12 -0800

Learning about web application security is sometimes hard. Whilst most
people have a copy of Linux or Windows NT running at home, very few of
us have the ability to have an Internet book store to play with in the
evenings. Not only that there are times when security professionals want
to be able to test tools against a known vulnerable platform to ensure
they perform as advertised. And all of this needs to happen in a safe,
legal environment, your own ! 

The WebGoat project are setting out to change that. This project has
created an application that will serve as; 

      * An Interactive Learning Environment for Web Application Security
      * A Testing Platform & Benchmark for Security Tools
      * A Web Application "Honey Pot"
Why the name WebGoat ? ScapeGoat, get it. Just blame it on the Goat ! 

WebGoat was created and developed by Jeff Williams and Bruce Mayhew of
Aspect Security, a provider of J2EE and .NET security services. They
clearly know their stuff !

WebGoat is based on the concept of teaching a user a real world lesson
and then asking them to demonstrate their understanding by exploiting a
real vulnerability on the local system. The system is even clever enough
to provide hints and show the user cookies, parameters and the
underlying Java code if they turn the option on.

Users can easily add their own interactive lessons and we encourage
people to write lessons and submit them to us for inclusion in the
release files.

This beta release will continue to be refined before the final 2.0
release before the end of the year but as this is a significant step
forward from Version 1.0 we wanted to release it now.

WebGoat is written in Java and requires J2SDK1.4 and a servlet
container. It will run on any platform with JVM support so Linux and
Win32, MacOS, OS-X etc. It has been tested on Apache Tomcat.

You can download the beta code and see screenshots at
http://www.owasp.org/webgoat/

-- 
Mark Curphey <mark () curphey com>

