[Previous entry: "A new paper on SQL Injection"] [Next entry: "Security, SOX and Oracle Incentive Compensation"]
WebGoat an application to learn how to hack!
October 10th, 2005 by Pete
Post to del.icio.us
Post to Furl
Joel sent me an email last week about an interesting application called WebGoat from the Open Web Application Security Project. This sounded interesting so I went for a look. Basically web application security testing is hard to learn and practice as few have access to real complete web based business applications that they can hack. The WebGoat project provides a full J2EE web application that is designed to be tested for security bugs. The application includes lessons that allow someone to understand and try out various hacks. It includes a lot of different attack vectors including SQL Injection, Cross Site Scripting, hidden form field manipulation, blind SQL and many many more.
