Demo: Using WebGoat, a free software testing tool
There has been a surge in requests for detailed descriptions and usage demos of free online software security testing tools. This video demo describes uses of WebGoat, a free tool with a number of useful features that can test the security of an application and also teach testers best practices and skills to use in their testing.
What is WebGoat?
WebGoat is a free online tool used to test and uncover application flaws that might otherwise go unnoticed. Issues with SQL injection and cross-site scripting (XSS) often fly under the security radar and are often discovered too late.
How can I use WebGoat to improve the quality, compatibility and security of my application?
In this introductory video (located below), Web 2.0 application security expert Kevin Beaver explains the finer points and best features of WebGoat, which he started covering in "Spotting rich Internet application security flaws with WebGoat." The popularity of the tip led us to pursue "hands-on" ways for Kevin to instruct on how to use WebGoat and where to get it, as well as the advantages of the tool. Aided by the luxury of streaming video multimedia, use this page as a launch pad to learning about WebGoat.
About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic, LLC. He has over 20 years of experience in the industry and specializes in performing independent information security assessments revolving around compliance and information risk management. Kevin has authored/co-authored seven books on information security, including the ethical hacking books Hacking for Dummies and Hacking Wireless Networks for Dummies (Wiley).
He's also the creator of the Security On Wheels IT security audio books.
This was first published in October 2009