ANN: WebGoat 3.7 - Application Security hands-on learning environment

["Jeff Williams" <jeff.williams () owasp org>]

The *only* way to learn application security is to test applications 
"hands on" and examine their source code. To encourage the next 
generation of application security experts, the Open Web Application 
Security Project (OWASP) has developed an extensive lesson-based 
training environment called "WebGoat".

WebGoat is a lessons based, deliberately insecure web application 
designed to teach web application security. Each of the 25 lessons 
provides the user an opportunity to demonstrate their understanding by 
exploiting a real vulnerability. WebGoat provides the ability to examine 
the underlying code to gain a better understanding of the vulnerability 
as well as provide runtime hints to assist in solving each lesson. V3.7 
includes lessons covering most of the OWASP Top Ten vulnerabilities and 
contains several new lessons on web services, SQL Injection, and 
authentication.

WebGoat 3.7 is available for free download from:

   http://www.owasp.org/software/webgoat.html

Simply unzip, run, and go to WebGoat in your browser to start learning.

The OWASP Foundation is dedicated to finding and fighting the causes of 
insecure software. Find out more at http://www.owasp.org.

--Jeff