WebGoat: A deliberately insecure Web Application
Important Information
The WebGoat Lesson Server, is currently UNDER MAJOR DEVELOMENT.
As of February 1st 2016, the version “7.0.1” is considered the first STABLE version of a major architecture and UI changes.
Older/Legacy version of WebGoat an be found at: WebGoat-Legacy
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web
application security lessons.
This program is a demonstration of common server-side application flaws. The
exercises are intended to be used by people to learn about application security and
penetration testing techniques.