WebGoat



Outcomes

  • New test cases
  • New shared knowledge base
  • New lesson content, including content on how to fix vulnerabilities

Synopsis and Takeaways

  • Add lessons not found in other Goat-like applications, e.g., SSRF
  • Discussion about sharing content between Goat-like applications such as WebGoat, NodeGoat, etc.
  • Flexibility when presenting in lessons
  • Language support was discussed; it was agreed to support one language and focus on other features first
  • How to integrate automated vulnerability checking into WebGoat
  • A fixing step should be added to lessons so developers can fix vulnerabilities as well as break things
  • New lesson ideas
    • Upload functionality
    • Path traversal with shell upload
    • Crypto
    • Focus on HTML5
    • JSON Injection
    • Business logic
      • e.g., after paying for an order, repeat the request and keep ordering TVs without paying.

