Getting Started with WebGoat.NET
WebGoat Coins Customer Portal
Injection Attacks
Cross Site Scripting (XSS)
- Stored XSS
- Reflected XSS
Authentication Issues
- Insecure Forgot Password
Testing and Debugging
- Exploiting Debug Page
Encryption
.NET Exploits
- Unsafe blocks

Lesson Instructions

This lesson illustrates the common problem of trusting a user-supplied filename, then using it to generate a file path. Try manipulating the get paramter and download WebGoat.NET's Web.config file!

Files available for download

Here are files available for download. Please click on a file and the download should initiate within 10 seconds.

architecture.pdf
authentication.pdf
csrf.pdf
transport_layer.pdf