WebGoat Brief


WebGoat

WebGoat is a deliberately insecure J2EE web application designed to teach web application security concepts.
WebGoat uses the Apache Tomcat server.
It is configured to run on localhost, although this can be easily changed. This configuration is for a single user; additional
users can be added in the tomcat-users.xml file.
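The brief only names tomcat-users.xml as the place where further users go. The fragment below is an added example, not a file from the brief or from the WebGoat project, showing what such an entry looks like. The role names (webgoat_user, webgoat_admin) are assumptions standing in for whatever roles the WebGoat release's web.xml security constraints actually reference, and the credentials are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example of a tomcat-users.xml with a second WebGoat user.
     Role names and credentials are assumptions/placeholders, not values
     taken from the brief or from a specific WebGoat release. -->
<tomcat-users>
  <!-- Roles that the application's web.xml security constraints refer to (assumed names) -->
  <role rolename="webgoat_user"/>
  <role rolename="webgoat_admin"/>

  <!-- The single default user the brief mentions -->
  <user username="webgoat" password="CHANGE_ME" roles="webgoat_user"/>

  <!-- An additional user for a second tester; each account gets only the role it needs -->
  <user username="tester2" password="CHANGE_ME_TOO" roles="webgoat_user"/>
</tomcat-users>
```

Tomcat reads this file when it starts, so restart it after editing. Passwords here are stored in clear text unless Tomcat is configured to digest them, which is acceptable for a lab instance bound to localhost but is one reason not to reuse real credentials in it.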

Objective of testing WebGoat using the SAINT tool:

The WebGoat_v5 application is deliberately designed to illustrate typical flaws within web applications. The SAINT vulnerability
scanner was used to scan the WebGoat_v5 application. The idea was to see whether SAINT could detect vulnerabilities within the
WebGoat application.

Methodology:

Before we could scan the WebGoat application with SAINT, certain configurations needed to be done on WebGoat.

i) The IP address and the port for the proxy need to be configured in WebGoat so that we could access WebGoat
remotely.
ii) Once the IP and proxy are set, WebGoat can be opened in Internet Explorer or Mozilla Firefox (the same proxy
setting needs to be added in Internet Explorer or Firefox). The following address should be used to open
WebGoat: http://localhost/webgoat/attack. This address opens the WebGoat page, and WebGoat will ask for credentials.
iii) Once the credentials are entered, the page will look like this:

2. The different topics to test vulnerabilities on WebGoat

I have used Cross-Site Scripting (XSS).

Findings:
