Software and Web Security 2

Software and Web Security 2, NWI-IPC026, Spring 2015

For some of the lab assignments we use WebGoat 5.4 and WebScarab. You can also use the newer Zed Attack Proxy.

Installation instructions

Warnings To install WebGoat There is lots of additional info on installation and use at the WebGoat 5.4 and WebScarab websites, but you shouldn't need that.

Starting everything up after the installation

To keep an overview with all the tools and installation instructions above: once everything is installed, you have to
  1. start Webgoat,
  2. start WebScarab,
  3. start your browser - Firefox or Chrome, and
    1. configure the network connection settings to use localhost port 8008 as a proxy,
    2. surf to http://localhost/WebGoat/attack or http://localhost:8080/WebGoat/attack and login as guest with password guest.
and you should be ready to start on the exercises.

Numbering of the OWASP WebGoat exercises