Auditing WebGoat with the Rochester OWASP folks


I drove down to Henrietta today after work to the Bryant and Stratton Building to attend a meeting of the Rochester Chapter of OWASP (The Open Web Application Security Project).

Ralf led 5 of us through the first 6 lessons provided by WebGoat, an insecure J2EE web application that was designed to illustrate roughly 14 classes of web app vulnerabilities. We used a Java MITM HTTP Proxy called Paros Proxy which let us intercept HTTP requests and modify them before passing them on to WebGoat. Paros has a pretty slick UI and a GPL-compatible license.

They meet on the third Monday of every month – come check it out if you’re interested in Web Security.
