WebGoat - PowerPoint PPT Presentation

About This Presentation
Title:

WebGoat

Description:

Unpacking the Package. INSA@CCU. Information Networking Security and Assurance Lab ... Unpacking the WebGoat src Distribution. INSA@CCU ...

Slides: 35
Provided by: kuchu

Transcript and Presenter's Notes

Title: WebGoat


1
WebGoat
2
Contents
  • Overview
  • Environment
  • Install Required Software
  • Install WebGoat
  • Getting Started
  • Usage of WebGoat
  • Example

3
Overview
  • Illustrate Typical Security Flaws within
    Web-Applications
  • Teach a Structured Approach to Testing and
    Exploiting
  • Give Practical Training and Examples

4
Environment
  • OS
    • Red Hat Linux 7.3 (2.4.18-3)
  • Required Software
    • Java Development Kit
    • Apache Ant 1.6.1
    • Tomcat 5.0.25

5
Install Required Software
  • Java 2 SDK, Standard Edition 1.4.2_04
  • http://java.sun.com/

6
Install Required Software (cont.)
  • Unpacking the Package

7
Install Required Software (cont.)
  • Installing JDK RPM Package

8
Install Required Software
  • Downloading Apache ANT 1.6.1
  • http://ant.apache.org/srcdownload.cgi

9
Install Required Software (cont.)
  • Unpacking the Package

10
Install Required Software (cont.)
  • Building and Installing Apache Ant

11
Install Required Software (cont.)
  • Downloading Tomcat 5
  • http://jakarta.apache.org/site/sourceindex.cgi

12
Install Required Software (cont.)
  • Uncompressing the Package

13
Install Required Software (cont.)
  • Building All Components of Tomcat 5

14
Install Required Software (cont.)
  • Running Tomcat 5

15
Install Required Software (cont.)
  • Testing Tomcat 5

16
Install WebGoat
  • Download WebGoat Source Distribution
  • http://www.owasp.org/development/webgoat

17
Install WebGoat (cont.)
  • Put catalina-ant.jar into /usr/local/ant/lib

18
Install WebGoat (cont.)
  • Unpacking the WebGoat src Distribution

19
Install WebGoat (cont.)
  • Modify catalina.home property in build.xml to
    specify tomcat installation directory

20
Install WebGoat (cont.)
  • Add <user name="webgoat" password="webg0@t"
    roles="admin,manager,standard,tomcat"/> to the
    tomcat_home/conf/tomcat-users.xml file

21
Install WebGoat (cont.)
  • Uncomment the invoker mapping in web.xml

22
Install WebGoat (cont.)
  • Starting the Compile

23
Install WebGoat (cont.)
  • Create a New WebGoat .war File

24
Install WebGoat (cont.)
  • Installing WebGoat

25
Getting Started
  • Running Tomcat 5 and Trying
    http://server_ip:8080/WebGoat/attack

26
Usage of WebGoat
Lesson Plans
27
Lesson Plans
  • Http Basics
  • How to Perform Database Cross Site Scripting
    (XSS)
  • How to Spoof an Authentication Cookie
  • How to Exploit Hidden Fields
  • How to Discover Clues in the HTML
  • How to Perform Parameter Injection
  • How to Perform SQL Injection
  • How to Exploit Thread Safety Problems
  • How to Exploit Unchecked Email
  • How to Spoof an Authentication Cookie
  • Putting it all together

28
Lesson Plans (cont.)
29
Example SQL Injection
30
Example SQL Injection (cont.)
31
Example SQL Injection (cont.)
32
Example SQL Injection (cont.)
33
Example SQL Injection (cont.)
34
Example SQL Injection (cont.)