Information Security

Install WebGoat 7.1 on Eclipse (Windows 10)

1. What is WebGoat?

WebGoat is a deliberately insecure web application, maintained by OWASP, that is designed to teach web application security lessons.

Official Site : https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

 

2. Install WebGoat

2.1. Install JDK SE 7 and 8

JDK SE 7 : http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html
JDK SE 8 : http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

Why install both versions?
-> The ‘spring-web-3.2.4.RELEASE.jar’ included in WebGoat 7 depends on JDK 7, and the latest version of Eclipse only supports JDK 8.

Nowadays the JDK handles this well, so you don’t need to set environment variables separately. :D

 

2.2. Install Eclipse IDE for Java EE Developers

https://www.eclipse.org/downloads/packages/release/photon/r/eclipse-ide-java-ee-developers

 

2.3. Install Tomcat 7

https://tomcat.apache.org/download-70.cgi

Make the following settings under “Configuration” during the installation process:
– HTTP/1.1 Connector Port : 8888
– Tomcat Administrator Login
  – User Name : admin
  – Password : admin
Otherwise, just make sure the path is correct.

Check the connection : http://localhost:8888

When the check is finished, pause Tomcat.

 

2.4. Run Eclipse

2.4.1. Add new Server

Click “Server” at the bottom.
Click “No servers are available. Click this link to create a new server…”
Apache -> Tomcat v7.0 Server -> Next
Browse : Set to the Tomcat 7 path (e.g. C:\Program Files\Apache Software Foundation\Tomcat 7.0)
JRE : Set to JRE 7 path

2.4.2. Add Tomcat User

In Eclipse:

Project Explorer – Servers – Tomcat v7.0 Server at localhost-config – tomcat-users.xml – Source
Add this code:

<!-- Add inside the existing <tomcat-users> ... </tomcat-users> element -->
<!-- Roles referenced by the users below -->
<role rolename="tomcat"/>
<role rolename="webgoat_basic"/>
<role rolename="webgoat_admin"/>
<role rolename="webgoat_user"/>

<!-- Lab accounts: each password is the same as its username -->
<user username="tomcat" password="tomcat" roles="tomcat" />
<user username="webgoat" password="webgoat" roles="webgoat_admin" />
<user username="basic" password="basic" roles="webgoat_user,webgoat_basic" />
<user username="guest" password="guest" roles="webgoat_user" />

2.4.3. Download & Import webgoat-7.1

Download WebGoat-7.1 (“webgoat-container-7.1.war”) : https://github.com/WebGoat/WebGoat/releases?after=v8.0.0.M4

In Eclipse:

File – Import
Web – Click “War file” – Next
Browse : Set the downloaded “webgoat-container-7.1.war” as the path.

– Modify the URL path : …/webgoat-container-7.1 -> …/webgoat
Project Explorer – webgoat-container-7.1 – Right-click – Properties – Web Project Settings – Context root : webgoat

– Fix the error that occurs because “javax.inject.jar” is not found.
Download file : http://central.maven.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar
Project Explorer – webgoat-container-7.1 – Right-click – Properties – Java Build Path – Libraries – Add External JARs… – javax.inject-1.jar ; set to the path of the downloaded file

– Run the server (Tomcat)
Project Explorer – webgoat-container-7.1 – Right-click – Run As – Run On Server – Finish

– Connection test
http://localhost:8888/webgoat
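
An added example, not part of the original guide or of the WebGoat or Tomcat projects: this setup uses passwords equal to the usernames and serves a deliberately insecure application on port 8888, so this Python check flags such accounts in tomcat-users.xml and any server.xml Connector that is not bound to loopback. The sample XML is constructed; the `manager-gui` role for `admin` and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the accounts in this guide (the "admin" role is assumed).
SAMPLE_USERS_XML = """<tomcat-users>
  <user username="webgoat" password="webgoat" roles="webgoat_admin" />
  <user username="guest" password="guest" roles="webgoat_user" />
  <user username="admin" password="admin" roles="manager-gui" />
</tomcat-users>"""

# Constructed sample: the HTTP connector on port 8888 with no bind address.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8888" protocol="HTTP/1.1" connectionTimeout="20000" />
  </Service>
</Server>"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def _elements(xml_text, local_name):
    """Yield elements by local name, ignoring any XML namespace."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == local_name:
            yield el


def weak_accounts(users_xml):
    """Return (username, roles) for accounts with an empty or username-equal password."""
    findings = []
    for user in _elements(users_xml, "user"):
        name = user.get("username") or user.get("name") or ""  # Tomcat accepts both
        password = user.get("password", "")
        if not password or password.lower() == name.lower():
            roles = [r.strip() for r in user.get("roles", "").split(",") if r.strip()]
            findings.append((name, roles))
    return findings


def exposed_connectors(server_xml):
    """Return ports of Connectors not bound to loopback (no 'address' means all interfaces)."""
    return [int(c.get("port", "0")) for c in _elements(server_xml, "Connector")
            if c.get("address") not in LOOPBACK]


if __name__ == "__main__":
    for name, roles in weak_accounts(SAMPLE_USERS_XML):
        print(f"weak password: {name} roles={roles}")
    print("connectors on all interfaces:", exposed_connectors(SAMPLE_SERVER_XML))
```

To audit the real files, pass the contents of tomcat-users.xml and server.xml from “Servers – Tomcat v7.0 Server at localhost-config” to the two functions; adding address="127.0.0.1" to the Connector keeps the lab reachable only from the local machine.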
