WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat. There are other ‘goats’ such as WebGoat for .Net. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application aims to provide a realistic teaching environment, providing users with hints and code to further explain the lesson.
First Download webgoat from here and Unzip the WebGoat-OWASP_Standard using following command
p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z
Now goto webgoat folder now you will need to start/stop WebGoat as root
Sh webgoat.sh start8080
Start your browser and browse to http://localhost/webgoat/attack
Login in as:
user = guest,
password = guest
The post Web Penetration Lab Setup using Webgoat in kali Linux appeared first on Hacking Articles.