Running behind WebGoat

Today, as a part of my Computer Security course, I had to install WebGoat, which is a platform for learning how to exploit vulnerabilities in web applications. It could be of great help in learning secure programming practices. It works on top of Java and the Tomcat server. As I started the installation I had to face many problems associated with it, mainly with the versions of JDK and JRE used. I had lost almost half a to solve this problem. So I thought I could share my experience in case it helps someone install WebGoat.

I downloaded WebGoat v5.2 from Sourceforge. Along with WebGoat-OWASP_Standard-5.2.zip, we also require the WebGoat-5.2.war file. Unzip the WebGoat zip file to your current directory. Change into the new unzipped directory. Then remove all the files named webgoat in ./tomcat/webapp/ and place the downloaded war file in this directory.
Find out the versions of the JRE and JDK installed on your system using:  java -version
Also find the value of the environment variable JAVA_HOME:  echo $JAVA_HOME
Open the webgoat.sh file from the root folder. In the function is_java_1dot6 change all occurrences of 1.6 to your current version.
e.g.:
    $ java -version
    java version "1.7.0_21"
    OpenJDK Runtime Environment (IcedTea 2.3.9) (ArchLinux build 7.u21_2.3.9-4-x86_64)
    OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)

    $ echo $JAVA_HOME
    /usr/lib/jvm/java-7-openjdk

Here the Java version is shown as 1.7.0_21. Therefore you can replace the older version number given in the shell script with the new version number "1.7". You also have to add the two lines given below to the shell script:
JAVA_HOME=/usr/lib/jvm/java-7-openjdk
export JAVA_HOME
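
The version edit described above can be scripted so that only the body of is_java_1dot6 is touched and a backup is kept. This is an added example, not part of the original post or of WebGoat: the helper names and the stand-in script are constructed, and the layout of is_java_1dot6 is an assumption.

```shell
#!/bin/sh
# Added example; helper names and the stand-in script are constructed.

# Print "major.minor" (e.g. 1.7) from `java -version` output on stdin.
# Handles: java version "1.7.0_21"  and  openjdk version "11.0.2"
java_major_minor() {
    sed -n 's/^.* version "\([0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p' | head -n 1
}

# In file $1, replace 1.6 with version $2, but only inside the body of
# is_java_1dot6 (assumed layout: "is_java_1dot6() {" ... "}" at column 0).
# The untouched original is kept as $1.orig.
patch_version_check() {
    script=$1
    ver=$2
    case $ver in
        ''|*[!0-9.]*) echo "refusing odd version string: '$ver'" >&2; return 1 ;;
    esac
    cp "$script" "$script.orig" || return 1
    sed "/^is_java_1dot6[[:space:]]*()/,/^}/ s/1\.6/$ver/g" \
        "$script.orig" > "$script"
}

# Demo on constructed data: a stand-in for webgoat.sh, not the real file.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# startup script, originally written for Java 1.6
is_java_1dot6() {
    $JAVA_HOME/bin/java -version 2>&1 | grep 'version "1.6' >/dev/null
}
EOF
    ver=$(printf '%s\n' 'java version "1.7.0_21"' \
        'OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)' |
        java_major_minor)
    patch_version_check "$tmp" "$ver" && cat "$tmp"
    rm -f "$tmp" "$tmp.orig"
}
demo
```

On a real system, feed the first helper with `java -version 2>&1 | java_major_minor`, since java prints its version on stderr.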

Now start the tomcat server.
$ sh webgoat.sh start80         # works on default port of 80
OR
$ sh webgoat.sh start8080    # works on port 8080

Go to http://127.0.0.1/webgoat/attack OR http://127.0.0.1:8080/webgoat/attack in any browser to start using the WebGoat interface. If you get an ERROR 403 while starting on port 80, it may be because IIS is using that port.

And if it is ERROR 404, check the URL you typed in the browser.

I suppose I have included most of the things that I have done. If there are any changes or additions that anyone wants to tell me about, feel free to contact me.

Regards.

New link can be found at abijith-kp.github.io


git@fossmeet

Until the git session at Fossmeet 2013 at NITC, I was using git only as a method/tool to upload my code to Github. That particular session by Mr. Noufal Ibrahim really changed my views on the usage of git. The word particular was added only because of the satisfaction that I got after attending that workshop.

One of my friends, Krispin, and I were attending the programme together. Actually git was the only version control system used by us till date (we had just heard a few names like Subversion, Mercurial etc). For pushing code into a Github repository we only require a few commands like add, commit, push, and very rarely I used commands like pull. When we first used the branching technique in git, we were really amazed.
In reality I was searching for the file that I created for one branch, when I couldn't find it in the other. Once I heard one of my seniors tell his friend that all code is maintained using git. Actually I didn't get why he was wasting his time with all this stuff. But that session was the point where I really got the point of why people use version control systems.

We have a compiler lab this semester and I could have saved a lot of time if I had used git. Whenever I changed the code I made a copy of it and edited only the copy, and since I have a habit of changing the code very often, I had many copies of the same file with only a small difference between them, or sometimes none.

Now the next thing on the list would be to study the internals and some advanced topics in git. (Well before Fossmeet itself I had tried to learn git by myself, many times. And all those tries resulted in nothing. But this time it would be different. For sure…. :))