[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-82120":3},{"id":4,"name":5,"fullName":6,"owner":5,"repo":5,"description":7,"homepage":8,"htmlUrl":9,"language":10,"languages":8,"totalLinesOfCode":8,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":8,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":8,"rankLanguage":8,"license":8,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":21,"hasPages":21,"topics":8,"createdAt":8,"pushedAt":8,"updatedAt":23,"readmeContent":24,"aiSummary":25,"trendingCount":15,"starSnapshotCount":15,"syncStatus":26,"lastSyncTime":27,"discoverSource":28},82120,"WebGoat","WebGoat\u002FWebGoat","WebGoat is a deliberately insecure application",null,"https:\u002F\u002Fgithub.com\u002FWebGoat\u002FWebGoat","JavaScript",9153,7781,208,36,0,5,13,19,15,41,false,"main","2026-06-12 02:04:23","# WebGoat: A deliberately insecure Web Application\n\n[![Build](https:\u002F\u002Fgithub.com\u002FWebGoat\u002FWebGoat\u002Factions\u002Fworkflows\u002Fbuild.yml\u002Fbadge.svg?branch=develop)](https:\u002F\u002Fgithub.com\u002FWebGoat\u002FWebGoat\u002Factions\u002Fworkflows\u002Fbuild.yml)\n[![java-jdk](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fjava%20jdk-25-green.svg)](https:\u002F\u002Fjdk.java.net\u002F)\n[![OWASP Labs](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FOWASP-Lab%20project-f7b73c.svg)](https:\u002F\u002Fowasp.org\u002Fprojects\u002F)\n[![GitHub release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Frelease\u002FWebGoat\u002FWebGoat.svg)](https:\u002F\u002Fgithub.com\u002FWebGoat\u002FWebGoat\u002Freleases\u002Flatest)\n[![Gitter](https:\u002F\u002Fbadges.gitter.im\u002FOWASPWebGoat\u002Fcommunity.svg)](https:\u002F\u002Fgitter.im\u002FOWASPWebGoat\u002Fcommunity?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)\n[![Discussions](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fdiscussions\u002FWebGoat\u002FWebGoat)](https:\u002F\u002Fgithub.com\u002FWebGoat\u002FWebGoat\u002Fdiscussions)\n[![Conventional Commits](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FConventional%20Commits-1.0.0-%23FE5196?logo=conventionalcommits&logoColor=white)](https:\u002F\u002Fconventionalcommits.org)\n\n# Introduction\n\nWebGoat is a deliberately insecure web application maintained by [OWASP](http:\u002F\u002Fwww.owasp.org\u002F) designed to teach web\napplication security lessons.\n\nThis program is a demonstration of common server-side application flaws. The\nexercises are intended to be used by people to learn about application security and\npenetration testing techniques.\n\n**WARNING 1:** *While running this program your machine will be extremely\nvulnerable to attack. You should disconnect from the Internet while using\nthis program.*  WebGoat's default configuration binds to localhost to minimize\nthe exposure.\n\n**WARNING 2:** *This program is for educational purposes only. If you attempt\nthese techniques without authorization, you are very likely to get caught. If\nyou are caught engaging in unauthorized hacking, most companies will fire you.\nClaiming that you were doing security research will not work as that is the\nfirst thing that all hackers claim.*\n\n![WebGoat](docs\u002Fimages\u002Fwebgoat.png)\n\n# Installation instructions:\n\nFor more details check [the Contribution guide](\u002FCONTRIBUTING.md)\n\n## 1. Run using Docker\n\nAlready have a browser and ZAP and\u002For Burp installed on your machine in this case you can run the WebGoat image directly using Docker.\n\nEvery release is also published on [DockerHub](https:\u002F\u002Fhub.docker.com\u002Fr\u002Fwebgoat\u002Fwebgoat).\n\n```shell\ndocker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 webgoat\u002Fwebgoat\n```\n\nFor some lessons you need the container run in the same timezone. For this you can set the TZ environment variable.\nE.g.\n\n```shell\ndocker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=America\u002FBoise webgoat\u002Fwebgoat\n```\n\nIf you want to use OWASP ZAP or another proxy, you can no longer use 127.0.0.1 or localhost. but\nyou can use custom host entries. For example:\n\n```shell\n127.0.0.1 www.webgoat.local www.webwolf.local\n```\n\nThen you can run the container with:\n\n```shell\ndocker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e WEBGOAT_HOST=www.webgoat.local -e WEBWOLF_HOST=www.webwolf.local -e TZ=America\u002FBoise webgoat\u002Fwebgoat\n```\n\nThen visit http:\u002F\u002Fwww.webgoat.local:8080\u002FWebGoat\u002F and http:\u002F\u002Fwww.webwolf.local:9090\u002FWebWolf\u002F\n\n## 2. Run using Docker with complete Linux Desktop\n\nInstead of installing tools locally we have a complete Docker image based on running a desktop in your browser. This way you only have to run a Docker image which will give you the best user experience.\n\n```shell\ndocker run -p 127.0.0.1:3000:3000 webgoat\u002Fwebgoat-desktop\n```\n\n## 3. Standalone\n\nDownload the latest WebGoat release from [https:\u002F\u002Fgithub.com\u002FWebGoat\u002FWebGoat\u002Freleases](https:\u002F\u002Fgithub.com\u002FWebGoat\u002FWebGoat\u002Freleases)\n\n```shell\nexport TZ=Europe\u002FAmsterdam # or your timezone\njava -Dfile.encoding=UTF-8 -jar webgoat-2023.8.jar\n```\n\nClick the link in the log to start WebGoat.\n\n### 3.1 Running on a different port\n\nIf for some reason you want to run WebGoat on a different port, you can do so by adding the following parameter:\n\n```shell\njava -jar webgoat-2023.8.jar --webgoat.port=8001 --webwolf.port=8002\n```\n\nFor a full overview of all the parameters you can use, please check the [WebGoat properties file](webgoat-container\u002Fsrc\u002Fmain\u002Fresources\u002Fapplication-{webgoat, webwolf}.properties).\n\n## 4. Run from the sources\n\n### Prerequisites:\n\n* Java 25\n* Your favorite IDE\n* Git, or Git support in your IDE\n\nOpen a command shell\u002Fwindow:\n\n```Shell\ngit clone git@github.com:WebGoat\u002FWebGoat.git\n```\n\nNow let's start by compiling the project.\n\n```Shell\ncd WebGoat\ngit checkout \u003C\u003Cbranch_name>>\n# On Linux\u002FMac:\n.\u002Fmvnw clean install\n\n# On Windows:\n.\u002Fmvnw.cmd clean install\n\nIf you have ran WebGoat before, you should first run mvn clean -Pcleanall to clean up files from your temp and home directories which could fail the tests due to changes in lessons!\n\n# Using docker or podman, you can than build the container locally\ndocker build -f Dockerfile . -t webgoat\u002Fwebgoat\n```\n\nNow we are ready to run the project. WebGoat is using Spring Boot.\n\n```Shell\n# On Linux\u002FMac:\n.\u002Fmvnw spring-boot:run\n# On Windows:\n.\u002Fmvnw.cmd spring-boot:run\n\n```\n\n... you should be running WebGoat on http:\u002F\u002Flocalhost:8080\u002FWebGoat momentarily.\n\nNote: The above link will redirect you to login page if you are not logged in. LogIn\u002FCreate account to proceed.\n\nTo change the IP address add the following variable to the `WebGoat\u002Fwebgoat-container\u002Fsrc\u002Fmain\u002Fresources\u002Fapplication.properties` file:\n\n```\nserver.address=x.x.x.x\n```\n\n## 4. Run with custom menu\n\nFor specialist only. There is a way to set up WebGoat with a personalized menu. You can leave out some menu categories or individual lessons by setting certain environment variables.\n\nFor instance running as a jar on a Linux\u002FmacOS it will look like this:\n\n```Shell\nexport TZ=Europe\u002FAmsterdam # or your timezone\nexport EXCLUDE_CATEGORIES=\"CLIENT_SIDE,GENERAL,CHALLENGE\"\nexport EXCLUDE_LESSONS=\"SqlInjectionAdvanced,SqlInjectionMitigations\"\njava -jar target\u002Fwebgoat-2023.8-SNAPSHOT.jar\n```\n\nOr in a docker run it would (once this version is pushed into docker hub) look like this:\n\n```Shell\ndocker run -d -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e EXCLUDE_CATEGORIES=\"CLIENT_SIDE,GENERAL,CHALLENGE\" -e EXCLUDE_LESSONS=\"SqlInjectionAdvanced,SqlInjectionMitigations\" webgoat\u002Fwebgoat\n```\n\n","WebGoat是一个故意设计为不安全的Web应用程序，由OWASP维护，旨在教授Web应用安全课程。其核心功能包括演示常见的服务器端应用漏洞，并提供一系列练习帮助用户学习应用安全和渗透测试技术。该项目采用Java语言编写，支持Docker部署，便于在本地环境中快速启动。它特别适合安全研究人员、开发人员以及对网络安全感兴趣的学习者，在受控环境下实践和理解各种安全威胁与防御策略。请注意，在使用过程中应确保计算机断开互联网连接以减少风险。",2,"2026-06-11 04:07:48","trending"]