Tuesday, July 10, 2012

OWASP WebGoat .NET Released!

Hello Leaders!

Over the weekend, I pushed out the newest version of WebGoat.NET - the first major release. I've used this version to teach several .NET classes, and the application was received very well, and provided a great playground for developers who want to learn about application security.

The application is not identical to WebGoat Java, nor was it meant to be. But it follows the spirit of the venerable WebGoat that has been a mainstay in appsec classrooms for a decade.
  • In addition to a lessons, WebGoat.NET has an entire sample application built-in, for demonstration purpose.
  • There are a few lessons included, and I'm assembling a team of volunteers to help build out the rest.
  • Runs under Windows (obviously), Linux and OSX with no code changes
  • Uses a MySQL database. Will have optional database choices in the future (SQL Server will be implemented next).
  • Open source / GPL
In the coming months, the WebGoat.NET team and I will be working hard to build out more lessons, put in more .NET specific lessons, and add lesson notes, more challenges and guides.

WebGoat.NET can be downloaded from:


Please download and have fun. Hopefully this will help other people teaching ASP.NET security, and ultimately it will help people self-study once the lesson notes are completed.

Thank you!!

Jerry Hoff

-- Twitter: @jerryhoff
OWASP Appsec Tutorial Series (OATS):


Post a Comment

Subscribe to Post Comments [Atom]

<< Home