Name _________________________________ Assignment #15WebGoat Part ICSC 482/582-001

Name _________________________________

Assignment #
15

WebGoat

–

Part I

C
SC 482/582
-
001





Go to
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
.
This describes to
WebGoat Project. WebGoat teaches web application
security through a series of exercises.




Go to
http://code.google.com/p/webgoat/download
s/detail?name=WebGoat
-
OWASP_Standard
-
5.2.zip&can=4&q=WebGoat

. Click on WebGoat
-
OWASP_Standard5.
2
.zip. Download the zip file and unzip to install
WebGoat.




Web utilizes Apache Tomcat web server.




To start Tomcat, browse to the WebGoat5.
2

directory and double click
"webgoat.bat".




Start your browser and browse to:
http://localhost/WebGoat/attack
.



Problem 1




In the browser, click on General.



Click HTTP Ba
sics.



When you successfully complete this lesson, HTTP Basics should have a
green check

mark.




I successfully complete this lesson.
Initials

#A:

______________





Problem 2




Click on Code Quality.



Click on Discover Cues in the HTML



Click on Lesson Plan
and read it.



Click on Hint. It is displayed in red.



Comments in HTML begin with <!
--
.



Complete this exercise to get your green check mark.

What is the admin password?


Answer #B:







Problem 3




Click on LAB: SQL Injection



Click on Stage
1
:
String SQL
Injection



Click on Lesson Plan and read it.



Click on Hint. It is displayed in red.



If you get stuck, click on Solution.



Where it says to use WebScarab, use Tamper Data



Complete this exercise to get your green check mark.


Explain how you solved this probl
em.



Answer #C: