From f1d72c92ae124b9e3bd47e75019afeb7b7a88ba6 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Sat, 24 Oct 2015 15:31:15 -0400 Subject: [PATCH 1/2] Improved README instructions for Easy Run Improved README instructions for Easy Run, adding a website link to check for the last modifified data of the exec-jar Added links for listing build artificats output and link to our Travis.CI job Signed-off-by: Doug Morato --- README.MD | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/README.MD b/README.MD index df4546bae..a85e09dbd 100644 --- a/README.MD +++ b/README.MD @@ -4,11 +4,13 @@ # Important Information -### This is a work in progress of the WebGoat Lesson Server, which is currently **UNDER MAJOR DEVELOMENT** +### This is a work in progress of the WebGoat Lesson Server, which is currently **UNDER MAJOR DEVELOMENT**. +As of October 2015, this version "7.0-SNAPSHOT" is stable enough for testing. -#### Current stable version and instructions can be found at: [WebGoat-Legacy](https://github.com/WebGoat/WebGoat-Legacy) +#### Current stable version and instructions can be found at: [WebGoat-Legacy](https://github.com/WebGoat/WebGoat-Legacy) -WebGoat is a deliberately insecure web application maintained by [OWASP](http://www.owasp.org/) designed to teach web application security lessons. +WebGoat is a deliberately insecure web application maintained by [OWASP](http://www.owasp.org/) designed to teach web +application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and 
@@ -17,11 +19,13 @@ penetration testing techniques. * [Home Page](http://webgoat.github.io) * [OWASP Project Home Page](http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project) * [Source Code](https://github.com/WebGoat/WebGoat) -* [Easy-Run Download **TBD**](https://github.com/WebGoat/WebGoat/releases/**TBD**) +* [Easy-Run Download](https://s3.amazonaws.com/webgoat-war/webgoat-container-7.0-SNAPSHOT-war-exec.jar) * [Wiki](https://github.com/WebGoat/WebGoat/wiki) * [FAQ (old info):](http://code.google.com/p/webgoat/wiki/FAQ) * [Project Leader - Direct to Bruce Mayhew](mailto:webgoat@owasp.org) * [Mailing List - WebGoat Community - For most questions](mailto:owasp-webgoat@lists.owasp.org) +* [Artifacts generated from Continuous Integration](http://webgoat-war.s3-website-us-east-1.amazonaws.com/) +* [Output from our Travis.CI Build server](https://travis-ci.org/WebGoat/WebGoat) **WARNING 1:** *While running this program your machine will be extremely vulnerable to attack. You should to disconnect from the Internet while using 
@@ -34,29 +38,39 @@ you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.* -# Easy Run Instructions ( For non-developers ) +# Easy Run ( For non-developers ) -**Note - Use [WebGoat-Legacy](https://github.com/WebGoat/WebGoat-Legacy) for a stable build** +Every successful build of the WebGoat Lessons Container and the WebGoat Lessons in our Continuous Integration Server +creates an "Easy Run" Executable JAR file, which contains the WebGoat Lessons Server, the lessons and a embedded Tomcat server. -Follow these instructions if you simply wish to run WebGoat +You can check for the "Last Modified" date of our "Easy Run" jar file [HERE](http://webgoat-war.s3-website-us-east-1.amazonaws.com/) + +The "Easy Run" JAR file offers a no hassle approach to testing and running WebGoat. Follow these instructions if you +wish to simply try/test/run the current development version of WebGoat ### Prerequisites: - * Java VM >= 1.6 installed ( JDK 1.7 recommended) -1. Download the executable jar file which contains all the lessons: +Easy Run Instructions: +---------------------- - https://s3.amazonaws.com/webgoat-war/webgoat-container-7.0-SNAPSHOT-war-exec.jar -2. Run it using java: +#### 1. Download the easy run executable jar file which contains all the lessons and a embedded Tomcat server: + +https://s3.amazonaws.com/webgoat-war/webgoat-container-7.0-SNAPSHOT-war-exec.jar + +#### 2. Run it using java: + +Open a command shell/window, browse to where you downloaded the easy run jar and type: ```Shell java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar ``` -3. Then navigate in your browser to: (http://localhost:8080/WebGoat) +#### 3. Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking ! 
-4.(Optional) If you would like to change the port or other options, use: + +#### (Optional) If you would like to change the port or other options, use the help command for guidance: ```Shell java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar --help From 95468581bce1cf4c30101258013c567fb05cc218 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Sat, 24 Oct 2015 15:53:18 -0400 Subject: [PATCH 2/2] Improved README formatting Formatting for the README file, adding a "Debugging and Troubleshooting" section and improving formatting for the reloading plugins and debugging label properties Signed-off-by: Doug Morato --- README.MD | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/README.MD b/README.MD index a85e09dbd..816a90b14 100644 --- a/README.MD +++ b/README.MD @@ -51,9 +51,7 @@ wish to simply try/test/run the current development version of WebGoat ### Prerequisites: * Java VM >= 1.6 installed ( JDK 1.7 recommended) -Easy Run Instructions: ----------------------- - +## Easy Run Instructions: #### 1. Download the easy run executable jar file which contains all the lessons and a embedded Tomcat server: @@ -69,7 +67,6 @@ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar #### 3. Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking ! - #### (Optional) If you would like to change the port or other options, use the help command for guidance: ```Shell @@ -118,7 +115,7 @@ cd .. ``` #### Before you can run the project, we need to compile the lessons and copy them over: -** If you don't run this step, you will not have any Lessons to work with!** +**If you don't run this step, you will not have any Lessons to work with!** ```Shell cd WebGoat-Lessons 
@@ -158,20 +155,28 @@ The __maven package__ goal generates a .war file that can deployed into an Appli ```Shell cd WebGoat -mvn package -cp webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar /webapps/ +mvn package +cp webgoat-container/target/webgoat-container-7.0-SNAPSHOT.war /webapps/ ``` Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking ! +# Debugging and Troubleshooting -## Reloading plugins +## Reloading plugins and lessons -If you want to reload all the plugin visit the following url: `http://localhost:8080/WebGoat/service/reloadplugins.mvc` -in a new browser tab. After reloading a message will appear and you can refresh the WebGoat browser tab. +If you want to __reload all the plugin and lessons__, open a new browser tab and visit the following url: + +[http://localhost:8080/WebGoat/service/reloadplugins.mvc](http://localhost:8080/WebGoat/service/reloadplugins.mvc) + +After the plugin reload is complete, _reloading a message_ will appear and you can refresh the __main WebGoat browser tab__. ## Debugging label properties -To be able to see which labels are loaded through a property file you first need to visit the following url: -`http://localhost:8080/WebGoat/service/debug/labels.mvc` in a new browser tab. Switch back to the WebGoat page and -reload this page. After this labels which load label from the property file will marked green. \ No newline at end of file +To be able to see which labels are loaded through a property file, open a new browser tab and visit the following url: + +[http://localhost:8080/WebGoat/service/debug/labels.mvc](http://localhost:8080/WebGoat/service/debug/labels.mvc) + +Switch back to the main WebGoat broswer tab and __reload the main WebGoat browser tab__. + +After the reload is complete, all labels which where loaded from a property file will be __marked green__. \ No newline at end of file
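Review bot: in the `@@ -4,11 +4,13 @@` hunk of patch 1/2, the heading line is rewritten to add a trailing period but still carries the misspelling "DEVELOMENT"; since the line is already being touched, correct it to "DEVELOPMENT" in the same change. The added sentence "As of October 2015, this version "7.0-SNAPSHOT" is stable enough for testing." sits directly under a `###` heading with no blank line before it; add one so it renders as its own paragraph in every Markdown renderer.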
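Review bot: in the `@@ -17,11 +19,13 @@` hunk of patch 1/2, the added "Artifacts generated from Continuous Integration" entry links to the bucket listing over plain `http://`, while the "Easy-Run Download" entry in the same list uses `https://`. Readers are expected to execute what they fetch from this bucket, so anything they read off an unauthenticated listing can be altered in transit; link an HTTPS location for the listing if one exists, or say in the list item that the listing is informational only. The Easy-Run link also hardcodes `webgoat-container-7.0-SNAPSHOT-war-exec.jar`, which is repeated further down the README and will go stale on the next version bump; consider a single reference point for the file name.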
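Review bot: in the `@@ -34,29 +38,39 @@` hunk of patch 1/2, steps 1 and 2 take the reader from downloading a mutable SNAPSHOT jar straight to `java -jar` with no integrity check, and the only verification offered is the "Last Modified" date on the listing page, which says when the object changed and not whether it is the file the CI job built. Suggest having the CI job publish a SHA-256 checksum next to the jar and adding a step between 1 and 2 that compares it before running. Smaller points in the same hunk: "a embedded Tomcat server" appears twice and should read "an embedded", the optional step loses its "4." numbering while steps 1 to 3 keep theirs, and the setext-style "Easy Run Instructions:" heading is mixed with ATX headings in the same section.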
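Review bot: in the `@@ -158,20 +155,28 @@` hunk of patch 2/2, the `cp` source changes from `webgoat-container-7.0-SNAPSHOT-war-exec.jar` to `webgoat-container-7.0-SNAPSHOT.war`, which is a functional fix to the deploy instructions and not formatting; mention it in the commit message or split it into its own commit so it is visible in history. The destination is still the literal path `/webapps/`; if a placeholder for the application server directory was intended, spell it out. In the reworded text, "After the plugin reload is complete, _reloading a message_ will appear" no longer says what the original sentence said ("After reloading a message will appear"); the emphasis markers have landed on the wrong words. Also fix "broswer" and "which where loaded" (should be "were"), and add the missing newline at end of file.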