ANN: WebGoat 3.7 - Application Security hands-on learning environment

From: Jeff Williams (jeff.williams@owasp.org)
Date: Tue Sep 06 2005 - 09:52:53 EDT


The *only* way to learn application security is to test applications
"hands on" and examine their source code. To encourage the next
generation of application security experts, the Open Web Application
Security Project (OWASP) has developed an extensive lesson-based
training environment called "WebGoat".

WebGoat is a lesson-based, deliberately insecure web application
designed to teach web application security. Each of the 25 lessons
provides the user an opportunity to demonstrate their understanding by
exploiting a real vulnerability. WebGoat provides the ability to examine
the underlying code to gain a better understanding of the vulnerability
as well as providing runtime hints to assist in solving each lesson. V3.7
includes lessons covering most of the OWASP Top Ten vulnerabilities and
contains several new lessons on web services, SQL Injection, and
authentication.

WebGoat 3.7 is available for free download from:

    http://www.owasp.org/software/webgoat.html

Simply unzip, run, and go to WebGoat in your browser to start learning.

The OWASP Foundation is dedicated to finding and fighting the causes of
insecure software. Find out more at http://www.owasp.org.

--Jeff




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:49 EDT