Enabling Secure Business Operations

Learning from others’ mistakes

Let’s face it: there are a lot of broken web apps and other software out there, and their vulnerabilities often open up major security holes. You don’t want to be the person responsible for the next major security breach just because you forgot to sanitize some input or to check that your sessions were secure.

I would love to give you a great tutorial on how to avoid many of the hardships that developers face, especially in security these days, but I don’t think I could do it better than the people over at the OWASP WebGoat project. WebGoat is a web application that purposely has many vulnerabilities right out in the open. The site is laid out as a series of exercises for you to complete; it offers hints, and even a full solution for when you get stuck. It also tracks your progress on a report-card-like page showing how many times you’ve attempted an exercise, how many times you asked for help, and whether you completed it. You can grab WebGoat from OWASP.org directly and install it on your own Tomcat server, or get it in a fully enclosed environment through Dojo or the OWASP Broken Web App VM. Whichever you choose, I’d highly recommend it. The VMs provide much more on top of WebGoat, but I feel the way the site is laid out and structured gives a very good tutorial-based approach to learning what not to do, or at least what to avoid in your own applications.

2 Responses to “Learning from others’ mistakes”

  1. Security Musings » Blog Archive » Resources for Learning to Pentest Says:

    [...] jail time doesn’t exactly seem like the best way to start a career. My colleague Tim recently posted about vulnerable WebApp scenarios that are definitely worth checking out. I’d like to point [...]

  2. Security Musings » Blog Archive » Ensure your code is secure by using a Security API Says:

    [...] just recently started using the ESAPI, but do have a history with some of OWASP’s other projects. I’d advise anyone looking to lock down some of their controls and ensure they have the proper [...]
