From 2df47dd7888b27f701841cd93b08d77286ffa0f7 Mon Sep 17 00:00:00 2001 From: "mayhew64@gmail.com" Date: Thu, 26 Apr 2012 17:11:32 +0000 Subject: [PATCH] Updated to 5.4 git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@469 4033779f-a91e-0410-96ef-6bf7bf53c507 --- README.txt | 123 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 92 insertions(+), 31 deletions(-) diff --git a/README.txt b/README.txt index f1b240c33..9a8f9fa7a 100644 --- a/README.txt +++ b/README.txt @@ -1,12 +1,16 @@ -********** WebGoat 5.3 -********** November/10/2000 +********** +********** WebGoat 5.4 +********** April/27/2012 ********** ** -** Source Code: http://code.google.com/p/webgoat -** Download: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824 -** Download: http://code.google.com/p/webgoat/downloads/list (Does not have Developer release) -** User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents +** Home Page: http://code.google.com/p/webgoat ** Home Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project +** Source Code: http://code.google.com/p/webgoat/source/checkout +** Download: http://code.google.com/p/webgoat/downloads/list +** Download: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824 (older stuff) +** User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents +** Wiki: http://code.google.com/p/webgoat/w/list +** FAQ: http://code.google.com/p/webgoat/wiki/FAQ ** Contact Info: webgoat@owasp.org (Direct to Bruce Mayhew) ** Mailing List: owasp-webgoat@lists.owasp.org (WebGoat Community - For most questions) ** @@ -35,9 +39,9 @@ You can find more information about WebGoat at: http://code.google.com/p/webgoat --------------- -Prerequisites (Skip to Option 3 for unzip and click to run configruation): --------------- +---------------------------------------------------------------------------------------- +Prerequisites for Developers (Skip to Option 3 for unzip and click to run configruation) +---------------------------------------------------------------------------------------- These tools must be installed independent of the webgoat download. - Java 1.6 @@ -48,16 +52,17 @@ These tools must be installed independent of the webgoat download. In Ubuntu it can be installed with: > apt-get install maven2 - WebGoat source code - WebGoat source code can be downloaded at: http://webgoat.googlecode.com/svn/trunk/ - Use an svn client (ex: Tortoise svn) to checkout the code. + WebGoat source code can be downloaded at: + http://code.google.com/p/webgoat/source/checkout + Use an svn client (ex: Tortoise svn) to checkout the code in the trunk. --------------------- -Building the project --------------------- +--------------------------------- +Building the project (Developers) +--------------------------------- -Using the cmd shell: +Using a command shell/window: > cd webgoat > mvn compile @@ -69,9 +74,9 @@ delete artifacts from previous build: > mvn clean ----------------------------------- -Building the Eclipse project files ----------------------------------- +----------------------------------------------- +Building the Eclipse project files (Developers) +----------------------------------------------- > mvn eclipse:clean > mvn eclipse:eclipse @@ -85,11 +90,11 @@ This folder is located in your username root folder, the same folder where "my d You can declare new variables in Eclipse in Windows -> Preferences... and selecting Java -> Build Path -> Classpath Variables ---------------------------------------------------- -Option 1: Run the project on Tomcat within Eclipse ---------------------------------------------------- +------------------------------------------------------------------- +Option 1: (Developers) Run the project on Tomcat within Eclipse +------------------------------------------------------------------- -Install a local Tomcat server +Install a local Tomcat server (We use Tomcat 7) 1. Download and unzip Apache Tomcat from http://tomcat.apache.org. 2. Adapt the conf/tomcat-users.xml file of your Tomcat server: @@ -115,21 +120,77 @@ Install a local Tomcat server 3. Right Click on the webgoat project within eclipse -> Run As -> Run on server Point your browser to http://localhost:8080/webgoat/attack +** Note - When running in eclipse, the default url will be lowercase "webgoat" ----------------------------------------------- -Option 2: Run the project on Tomcat with Maven ----------------------------------------------- +----------------------------------------------------------- +Option 2: (Developers) Run the project on Tomcat with Maven +----------------------------------------------------------- 1. mvn tomcat:run-war -2. http://localhost:8080/webgoat/attack +2. http://localhost:8080/WebGoat/attack --------------------------------------------------------- -Option 3: Run from the WebGoat 5.3 Standard distribution --------------------------------------------------------- -1. Download the WebGoat-OWASP_Standard-X.X.zip file from http://code.google.com/p/webgoat/downloads/list +------------------------------------------------------------------ +Option 3: Run from the WebGoat 5.X Standard distribution (Windows) +------------------------------------------------------------------ + +1. Download the WebGoat-5.X-OWASP_Standard_Win32.zip file from: + - http://code.google.com/p/webgoat/downloads/list 2. Unzip the file 3. Double click webgoat.bat -4. Browse to http://localhost/webgoat/attack +4. Browse to http://localhost/WebGoat/attack +** Note: if you receive a bind address error use: + +3. Double click webgoat8080.bat +4. Browse to http://localhost:8080/WebGoat/attack + + +------------------------------------------------------------------ +Option 4: Run from the WebGoat 5.X Standard distribution (Ubuntu) +------------------------------------------------------------------ + +1. Download the WebGoat-5.X-OWASP_Standard_Ubuntu32.zip file from: + - http://code.google.com/p/webgoat/downloads/list +2. Unzip the file +3. run sudu ./webgoat.sh start80 +4. Browse to http://localhost/WebGoat/attack + +** Note: if you receive a bind address or privilege error: + +3. run ./webgoat.sh start8080 +4. Browse to http://localhost:8080/WebGoat/attack + +shutdown the server with: +./webgoat.sh stop + +------------------------------------------------------------------ +Option 5: Using the WebgGoat-5.X.war +------------------------------------------------------------------ + +Windows: + +1. Download and install Java 1.6 and Tomcat 7 if needed +2. Download the WebgGoat-5.X.war and README-5.X file from: + - http://code.google.com/p/webgoat/downloads/list +3. Rename WebgGoat-5.X.war to WebgGoat.war +4. Copy WebGoat.war to /webapps/WebGoat.war +5. Modify the /conf/tomcat-users.xml to add in WebGoat users and roles + - see the FAQ for directions +6. Start the tomcat server (default is usually port 8080) +7. Browse to http://localhost:8080/WebGoat/attack + +Ubuntu: + +1. Install Java 1.6 and Tomcat 7 if needed + - Install java using: sudo apt-get install openjdk-7-jre + - Download Tomcat 7 from http://tomcat.apache.org/download-70.cgi (core tar.gz) +2. Download the WebgGoat-5.X.war and README-5.X file from: + - http://code.google.com/p/webgoat/downloads/list +3. Rename WebgGoat-5.X.war to WebgGoat.war +4. Copy WebGoat.war to /webapps/WebGoat.war +5. Modify the /conf/tomcat-users.xml to add in WebGoat users and roles + - see the FAQ for directions +6. Start the tomcat server (default is usually port 8080) +7. Browse to http://localhost:8080/WebGoat/attack \ No newline at end of file