Dear All OWASP is pleased to announce the release of WebGoat V2 The project homepage is http://www.owasp.org/webgoat/ and you can obtain the release files from http://sourceforge.net/projects/owasp/ WebGoat is a real web application written in Java with intentional vulnerabilities. It is designed as an interactive learning environment and test application with individual lessons such as SQL injection and Cross Site Scripting that allow the user to have actual hands on experience, in a safe and controlled environment (your own). > The Windows and Unix setup files (self executing jar files) install and configure Tomcat for you if its not already configured.
You can also download the source and war file options. To help there is a documented user guide in pdf. These are all available from the sourceforge site https://sourceforge.net/project/showfiles.php?group_id=64424 Creating a new lesson is easy; you need to implement one interface. If you write a new lesson please submit it to the project mailing list [EMAIL PROTECTED] for inclusion in the release builds. > We will be releasing an update in the coming months to include lessons for all of the OWASP Top Ten. > As ever we are looking for more volunteers to help on the project especially for release V3 near the end of the year. This will include many new features. If you are a Java developer and have a few hours a week, please join the mailing list and introduce yourself. > This project would not be possible without the development skills of Bruce Mayhew of Aspect Security ([EMAIL PROTECTED]) and the support of the OWASP Chairman Mark Curphey. Thanks. Enjoy! Bill Hau ([EMAIL PROTECTED]) And remember =93blame it on the Goat=94 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
