[Owasp-leaders] WebGoat.NET Major Released!

Jerry Hoff jerry at owasp.org
Tue Jul 10 15:26:47 UTC 2012

Hello Leaders!

Over the weekend, I pushed out the newest version of WebGoat.NET - the
first major release.  I've used this version to teach several .NET
classes, and the application was received very well, and provided a
great playground for developers who want to learn about application

The application is not identical to WebGoat Java, nor was it meant to
be.  But it follows the spirit of the venerable WebGoat that has been a
mainstay in appsec classrooms for a decade. 


- In addition to a lessons, WebGoat.NET has an entire sample application
built-in, for demonstration purposes.
- There are a few lessons included, and I'm assembling a team of
volunteers to help build out the rest
- Runs under Windows (obviously), Linux and OSX with no code changes. 
- Uses a MySQL database. Will have optional database choices in the
future (SQL Server will be implemented next)
- Open source / GPL

In the coming months, the WebGoat.NET team and I will be working hard to
build out more lessons, put in more .NET specific lessons, and add
lesson notes, more challenges and guides.

WebGoat.NET can be downloaded from:




Please download and have fun.  Hopefully this will help other people
teaching ASP.NET security, and ultimately it will help people self-study
once the lesson notes are completed.

Thank you!!

Jerry Hoff

Twitter: jerryhoff
OWASP Appsec Tutorial Series (OATS):

More information about the OWASP-Leaders mailing list