https://github.com/contrast-security-oss/demo-webgoat7
https://github.com/contrast-security-oss/demo-webgoat7
Last synced: 9 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/contrast-security-oss/demo-webgoat7
- Owner: Contrast-Security-OSS
- Created: 2020-08-17T10:49:25.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2024-01-26T15:32:51.000Z (over 2 years ago)
- Last Synced: 2025-09-30T18:59:59.496Z (9 months ago)
- Language: TypeScript
- Size: 68.6 MB
- Stars: 2
- Watchers: 9
- Forks: 7
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Webgoat 7: A deliberately insecure Java web application
This sample application is downloaded from https://github.com/WebGoat/WebGoat/releases/download/7.1/webgoat-container-7.1-exec.jar.
**Warning**: The computer running this application will be vulnerable to attacks, please take appropriate precautions.
# Running standalone
You can run WebGoat locally on any machine with Java 1.8 RE installed.
1. Place a `contrast_security.yaml` file into the application's root folder.
1. Place a `contrast.jar` into the application's root folder.
1. Run the application using:
```sh
java -javaagent:contrast.jar -Dcontrast.config.path=contrast_security.yaml -jar webgoat-container-7.1-exec.jar [--server.port=8080] [--server.address=localhost]
```
1. Browse the application at http://localhost:8080/WebGoat/
# Running in Docker
You can run WebGoat within a Docker container.
1. Place a `contrast_security.yaml` file into the application's root folder.
1. Build the WebGoat container image using `./1-Build-Docker-Image.sh`. The Contrast agent is added automatically during the Docker build process.
1. Run the container using `docker run -v $PWD/contrast_security.yaml:/etc/contrast/java/contrast_security.yaml -p 8080:8080 webgoat:7.1`
1. Browse the application at http://localhost:8080/WebGoat/
# Running in Azure (Azure Container Instance):
## Pre-Requisites
1. Place a `contrast_security.yaml` file into the application's root folder.
1. Install Terraform from here: https://www.terraform.io/downloads.html.
1. Install PyYAML using `pip install PyYAML`.
1. Install the Azure cli tools using `brew update && brew install azure-cli`.
1. Log into Azure to make sure you cache your credentials using `az login`.
1. Edit the [variables.tf](variables.tf) file (or add a terraform.tfvars) to add your initials, preferred Azure location, app name, server name and environment.
1. Run `terraform init` to download the required plugins.
1. Run `terraform plan` and check the output for errors.
1. Run `terraform apply` to build the infrastructure that you need in Azure, this will output the web address for the application. If you receive a HTTP 503 error when visiting the app then wait 30 seconds for the application to initialize.
1. Run `terraform destroy` when you would like to stop the app service and release the resources.
# Running automated tests
There is a test script which you can use to reveal vulnerabilities which requires node and puppeteer.
1. Install NPM, Node, Chrome and Playwright `npm i playwright`
1. Run `BASEURL= npx playwright test e2e/assess/*.ts`
## Updating the Docker Image
You can re-build the docker image (used by Terraform) by running two scripts in order:
* 1-Build-Docker-Image.sh
* 2-Deploy-Docker-Image-To-Docker-Hub.sh