jason-cooke / owaspwebgoatphp

This project forked from owasp/owaspwebgoatphp

A deliberately vulnerable web application for learning web application security.

License: Apache License 2.0

TSQL 1.36% PHP 91.58% Perl 0.04% Batchfile 0.01% Hack 0.01% HTML 1.27% JavaScript 4.18% CSS 1.51% Shell 0.03%

owaspwebgoatphp's Introduction

WebGoatPHP

OWASP WebGoatPHP is a port of OWASP WebGoat to PHP and MySQL/SQLite databases. The goal is to create an interactive teaching environment for web application security by offering lessons in the form of challenges. In each challenge the user must exploit the vulnerability to demonstrate their understanding.

WebGoatPHP supports four different modes: single-user mode, workshop mode, contest mode and secure coding mode.

Project Proposal

The proposal of the project can be found here

Screenshots

Single User Mode:

WebgoatPHP Interface

  1. List of all the lessons and their categories
  2. To refresh the list of lessons and categories (if a new lesson/category is added)
  3. Content of the lesson
  4. Reset the lesson to initial state
  5. Get random hints of the lesson
  6. This will show GET parameters
  7. This will show the COOKIES
  8. Get the plan of the lesson
  9. This will show the solution of the lesson

Workshop Mode:

Workshop Mode

Installation

  • Clone the git repo: git clone https://github.com/shivamdixit/WebGoatPHP.git
  • Move it to your document root
  • Import the database from SQL/webgoat.php
  • Enter your database connection details in app/config/application.php (Line 52)
  • Open the application from localhost
  • Default username:password for single-user mode: guest:guest

Contribute

  • Fork the repo
  • Create your branch
  • Commit your changes
  • Create a pull request

Adding a lesson/challenge

Adding a new challenge is very simple. All challenges must be placed in the 'challenges' directory and must extend the class 'BaseLesson'. A template is provided in template/SampleLesson. The name of the lesson directory must be the same as the name of the class in index.php. Any static content such as images and scripts must be placed inside a sub-directory named 'static' within the lesson directory.

There are a few methods that your lesson needs to implement, such as start(), getTitle(), getCategory(), reset() etc.

Once you have added the lesson, click the "Refresh List" button at the top of the application to display your lesson in the list.
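
The rules above can be checked before opening a pull request. The script below is an added example, not part of WebGoatPHP: it checks each lesson directory with heuristic regex matching rather than a PHP parser. The function names, the list of static file extensions and the two sample lessons are assumptions constructed for illustration, and only the four methods named above are checked.

```python
import re
import tempfile
from pathlib import Path

# Methods the README names; its "etc." means BaseLesson may require more.
REQUIRED_METHODS = ("start", "getTitle", "getCategory", "reset")
# Assumption: which extensions count as "static content like images, scripts".
STATIC_EXT = {".png", ".jpg", ".jpeg", ".gif", ".svg", ".js", ".css"}

def check_lesson(lesson_dir: Path) -> list[str]:
    """Return the README rules one lesson directory breaks (empty list = OK)."""
    index = lesson_dir / "index.php"
    if not index.is_file():
        return ["missing index.php"]
    # Heuristic: drop /* */ and // comments so commented-out code is not counted.
    src = re.sub(r"/\*.*?\*/|//[^\n]*", "", index.read_text(errors="replace"), flags=re.S)
    problems = []
    m = re.search(r"\bclass\s+(\w+)\s+extends\s+\\?BaseLesson\b", src)
    if not m:
        problems.append("no class extending BaseLesson")
    elif m.group(1) != lesson_dir.name:
        problems.append(f"class {m.group(1)} does not match directory name")
    defined = {n.lower() for n in re.findall(r"\bfunction\s+&?\s*(\w+)\s*\(", src)}  # case-insensitive in PHP
    problems += [f"missing method {n}()" for n in REQUIRED_METHODS if n.lower() not in defined]
    for f in sorted(lesson_dir.rglob("*")):
        rel = f.relative_to(lesson_dir)
        if f.is_file() and f.suffix.lower() in STATIC_EXT and rel.parts[0] != "static":
            problems.append(f"static file outside static/: {rel.as_posix()}")
    return problems

def check_challenges(root: Path) -> dict[str, list[str]]:
    return {d.name: check_lesson(d) for d in sorted(root.iterdir()) if d.is_dir()}

def demo() -> dict[str, list[str]]:
    """Build two constructed lessons in a temp directory and check them."""
    body = "".join(f"  public function {n}() {{}}\n" for n in REQUIRED_METHODS)
    good = f"<?php\nclass HelloLesson extends BaseLesson {{\n{body}}}\n"
    bad = ("<?php\n// function reset() {}\nclass Broken extends BaseLesson {\n"
           "  function start() {}\n  function getTitle() {}\n}\n")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, src in (("HelloLesson", good), ("BrokenLesson", bad)):
            (root / name / "static").mkdir(parents=True)
            (root / name / "index.php").write_text(src)
        (root / "BrokenLesson" / "helper.js").write_text("")
        return check_challenges(root)

if __name__ == "__main__":
    print(demo())
```

To check a real checkout, call check_challenges() with the path of the 'challenges' directory.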

Contributors

  • Abbas Naderi
  • Johanna Curiel
  • Shivam Dixit
  • Prasham Gupta (Logo)

More Info

https://www.owasp.org/index.php/WebGoatPHP

Contact

If you have any questions, join the discussion on our mailing list or write an email to: shivam.dixit[at]owasp.org
