FICHA · AUR

webgoat

Deliberately insecure J2EE web application designed to teach web application security concepts

  • vulnerable-web-lab
  • SERVICE
  • Server
  • SECURITY
  • Launchable
  • Background service
official+codex · reviewed · Jun 5, 2026 description in en

Description

Training labs for web application security can run against a deliberately vulnerable J2EE app. Students and security testers can practice attacks safely in a lab; never expose it to untrusted networks.

How to run

webgoat

Commands: webgoat

Permissions

Permissions not analysed for this source yet.