Software Security
KAHDSE201F-016
D.G.M.H.Rajapaksha
Content
2) Practical demonstration
Once you have seen the WebGoat versions, you need to download the appropriate version
(8.0.0.M14) as below.
It contains both the WebGoat server and the WebWolf zip file, so downloading the WebGoat
server is enough.
As shown in the pictures below, after downloading and extracting, Command Prompt or PowerShell must be opened in the extracted location.
Press Shift + Right Click.
When the Open PowerShell window option is selected, PowerShell will open in the correct location.
Then enter the command.
If it was successful, you can see this kind of screen (below image).
Now that the WebGoat server has been installed and is running on your computer, finally go to the
WebGoat login on localhost using the URL below.
Then you can see this kind of login form after a successful WebGoat installation.
Practical demonstration
1. SQL Injection
Solution code :
Result :
Now you can see Dave's password. Then enter it in the password text input.
Summary activity
1 – Register
2 – Login
2. SQL Injection (Mitigation)
Solution :
IP Address – 192.168.3.3
2. Cross Site Scripting (XSS)
What is XSS
Cross-site scripting (also commonly known as XSS) is a vulnerability/flaw that combines the allowance of HTML/script tags as input that are rendered into a browser without encoding or sanitization.
Basic XSS
Open two separate tabs in the browser, type the code below in each tab, and check whether the
results are the same or not.
javascript:alert(document.cookie);
Tab 1
Tab 2
Reflected XSS
Solution Code - <script>alert('my javascript here')</script>
Result :
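The XSS definition above says the flaw is input rendered into the browser without encoding; the example below (added here, not part of the original report or of WebGoat) shows the reflected payload from this exercise rendered by a constructed search page twice, once verbatim and once HTML-encoded, so the difference between a live script tag and harmless text is visible. The page template and function names are assumptions for illustration.

```javascript
// Added example: reflected XSS versus output encoding in an HTML text context.
// The search-page template and function names are constructed for illustration.

// Encode the characters that can change meaning inside HTML text or attribute values.
// This is the encoding for an HTML body/attribute context only; a value placed inside
// a <script> block, a URL or a CSS rule needs the encoding rules of that context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable page: the query parameter is reflected verbatim, so any HTML/script
// tags in it become markup when the browser parses the response.
function renderSearchVulnerable(query) {
  return `<p>You searched for: ${query}</p>`;
}

// Hardened page: identical template, but the input is encoded before it reaches
// the browser, so the same payload is displayed as text instead of executed.
function renderSearchSafe(query) {
  return `<p>You searched for: ${escapeHtml(query)}</p>`;
}

// Simple check used to compare the two responses: does a <script tag survive?
// A regex is enough for this constructed demo; a real HTML parser is the ground truth.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The payload from the Reflected XSS exercise above.
const reflectedPayload = "<script>alert('my javascript here')</script>";

// Run both renderings and report whether each still contains a live script tag.
function demo(query = reflectedPayload) {
  const vulnerable = renderSearchVulnerable(query);
  const safe = renderSearchSafe(query);
  return {
    vulnerable,
    safe,
    vulnerableHasScript: containsScriptTag(vulnerable), // true
    safeHasScript: containsScriptTag(safe),             // false
  };
}

console.log(demo());
```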