WebGoat This web application is designed to demonstrate web application security flaws for the purpose of educating developers and security professionals about web application security problems. Please contact Bruce Mayhew (webgoat@owasp.org) if you have any questions. email WebGoat@owasp.org The EMAIL address of the administrator to whom questions and comments about this application should be addressed. contextConfigLocation /WEB-INF/mvc-dispatcher-servlet.xml, /WEB-INF/spring-security.xml AxisServlet Apache-Axis Servlet org.apache.axis.transport.http.AxisServlet AdminServlet Axis Admin Servlet org.apache.axis.transport.http.AdminServlet 100 SOAPMonitorService SOAPMonitorService org.apache.axis.monitor.SOAPMonitorService SOAPMonitorPort 5001 100 WebGoat This servlet plays the "controller" role in the MVC architecture used in this application. The initialization parameter namess for this servlet are the "servlet path" that will be received by this servlet (after the filename extension is removed). The corresponding value is the name of the action class that will be used to process this request. org.owasp.webgoat.HammerHead email WebGoat@owasp.org The EMAIL address of the administrator to whom questions and comments about this application should be addressed. debug false CookieDebug true DefuseOSCommands false Enterprise true CodingExercises true FeedbackAddress <A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A> DatabaseDriver org.hsqldb.jdbcDriver DatabaseConnectionString jdbc:hsqldb:mem:${USER} 5 LessonSource This servlet returns the Java source of the current lesson. org.owasp.webgoat.LessonSource Catcher This servlet catches any posts and marks the appropriate lesson property. org.owasp.webgoat.Catcher conf /lessons/ConfManagement/config.jsp mvc-dispatcher org.springframework.web.servlet.DispatcherServlet 1 mvc-dispatcher *.do org.springframework.web.context.ContextLoaderListener springSecurityFilterChain org.springframework.web.filter.DelegatingFilterProxy springSecurityFilterChain /* AxisServlet /servlet/AxisServlet AxisServlet *.jws AxisServlet /services/* SOAPMonitorService /SOAPMonitor AdminServlet /servlet/AdminServlet WebGoat /attack LessonSource /source Catcher /catcher conf /conf 2880 wmv video/x-ms-wmv