Cst8265 Lab 1

The lab focuses on installing WebGoat and ZAP to learn about web application security. Students must complete tasks related to Java installation, running WebGoat, and configuring ZAP, with a submission due date specified. Important security warnings are provided regarding the use of these tools on networks without authorization.

Uploaded by

Tutor J-biz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
13 views3 pages

Cst8265 Lab 1

The lab focuses on installing WebGoat and ZAP to learn about web application security. Students must complete tasks related to Java installation, running WebGoat, and configuring ZAP, with a submission due date specified. Important security warnings are provided regarding the use of these tools on networks without authorization.

Uploaded by

Tutor J-biz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

24W_CST8265 – Web Security Basics

Lab-1 (2%)
(WebGoat and ZAP Installation)

PURPOSE:
The purpose of this lab is to install WebGoat on your laptop and learn more about the
software learning environment. WebGoat is a deliberately insecure web application
maintained by OWASP (Open Web Application Security Project), designed to teach web
application security lessons.
You also need to install and configure the ZAP proxy, a vulnerability testing tool, on your
machine. Zed Attack Proxy (ZAP) is one of the world's most popular free security tools and
is actively maintained by hundreds of international volunteers. It can help you automatically
find security vulnerabilities in your web applications while you are developing and testing
them. For more details:
https://www.zaproxy.org/

Please follow ZAP_guide.pdf to download and install ZAP on Windows.

EVALUATION(RUBRIC):
1‐ Confirming Java version - 0.3 mark
2‐ Running WebGoat - 0.3 mark
3‐ Installing ZAP and proxy configuration - 0.6 mark
4‐ Lesson: “HTTP Basics” - 0.8 mark

DELIVERABLE:
Complete the following tasks and submit a solution document in Microsoft Word or PDF format in
BrightSpace. Your document name should follow this format: Lab1_FirstName_LastName
(e.g. Lab_1_Mohammad_Patoary.docx or Lab_1_Mohammad_Patoary.pdf).

DUE DATE:
Upload your document in BS no later than ...

IMPORTANT NOTE

The capabilities and tools you will be using in this lab should not be used either on the
Algonquin corporate network or any other network connection without explicit
authorization from the network administrator. Otherwise, you risk being mistaken for an
attacker on that network!!

DO NOT TRY THESE EXPLOITS ON ANY COMPUTER OR NETWORK WITHOUT EXPLICIT
PERMISSION FROM THE OWNER OF THE COMPUTER / NETWORK.

Any attempts to run these tools on a 10.50.*.* segment will result in loss of lab privileges,
lockout or loss of your Algonquin account… or potentially greater consequences with legal
ramifications.

In addition, running a deliberately insecure application such as WebGoat is a security risk. I
recommend that you disable your network adapters while using WebGoat, or use a
sandboxed VM environment with no network connection.

PROCEDURE

First:
You need to install Java on your Windows machine!
Download Java from here:
https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

Accept the license agreement and click on jdk-8u191-windows-x64.exe.

Install Java: double-click the downloaded jdk-8u191-windows-x64.exe file and finish the
installation.
You also need to set up the JAVA_HOME environment variable.
Please follow this tutorial for Java installation and environment variable setup:
https://javatutorial.net/set-java-home-windows-10
Second:
1. Now, download the WebGoat 5.2 (developer) version, which works well on Windows:
https://sourceforge.net/projects/owasp/files/WebGoat/WebGoat%205.2/

(You can download the developer version here or from BrightSpace, where it is posted with this lab.)

How to install:

1. Copy the downloaded .zip file to your environment, i.e. C:\
2. Then unzip WebGoat-OWASP_Developer-5.2.zip in your working environment. It
will create the C:\WebGoat-5.2 directory.
3. To start Tomcat, browse to the C:\WebGoat-5.2\ directory unzipped above and
double-click "webgoat_8080.bat".
4. It will display a Java console window.
5. Now start your Mozilla Firefox browser and browse to:
http://localhost:8080/WebGoat/attack

This link is case-sensitive. Make sure to use a capital ‘W’ and ‘G’.

Enter user name: guest and password: guest

Click on Start WebGoat.


Third:
Download and install ZAP:
Download it from here: https://www.zaproxy.org/download/
Please follow the ZAP_guide.pdf posted in BrightSpace.
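The three steps above leave three things worth confirming before you take the rubric screenshots: Java and JAVA_HOME are usable (item 1), something is actually listening on port 8080 after webgoat_8080.bat starts (item 2), and, given the warning about running WebGoat on a live network, which adapters are still up and whether the listener is bound to every address rather than loopback only. ZAP's own default local proxy also listens on port 8080, so if both are started with default settings they will collide; the check below lists every port-8080 listener with its owning process so the conflict is visible. The script is an added self-check written for this page, not part of the handout or of the WebGoat or ZAP projects; it assumes Windows 10 or later with the Get-NetTCPConnection and Get-NetAdapter cmdlets available, and that WebGoat was started with webgoat_8080.bat.

```powershell
# Added Lab-1 setup self-check (not from the handout or the WebGoat/ZAP projects).
# Assumptions: Windows 10+, WebGoat started via webgoat_8080.bat, ZAP at its
# default local proxy port 8080. Run in a normal PowerShell window.

function Test-JavaSetup {
    # Rubric item 1: java on PATH and JAVA_HOME pointing at a real JDK.
    $java = Get-Command java -ErrorAction SilentlyContinue
    if (-not $java) { return 'FAIL: java is not on PATH' }
    # "java -version" writes to stderr, so merge the streams before reading it.
    $banner = ((& java -version 2>&1 | Out-String) -split "`r?`n" | Select-Object -First 1).Trim()
    $javaHome = $env:JAVA_HOME
    if (-not $javaHome) { return "FAIL: JAVA_HOME is not set ($banner)" }
    if (-not (Test-Path (Join-Path $javaHome 'bin\java.exe'))) {
        return "FAIL: JAVA_HOME=$javaHome contains no bin\java.exe"
    }
    return "OK: $banner; JAVA_HOME=$javaHome"
}

function Get-Port8080Listeners {
    # Rubric items 2 and 3 both want port 8080 (webgoat_8080.bat and ZAP's
    # default proxy). Two rows here means one of them has to be moved.
    Get-NetTCPConnection -LocalPort 8080 -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                Process      = $proc.ProcessName
                ProcessId    = $_.OwningProcess
                # 0.0.0.0 or :: means the service answers on every adapter,
                # i.e. other hosts on the network could reach your WebGoat.
                LoopbackOnly = ($_.LocalAddress -in @('127.0.0.1', '::1'))
            }
        }
}

function Get-ActiveAdapters {
    # The handout advises disabling adapters while WebGoat runs; list the
    # ones still Up so you can see what is exposed.
    Get-NetAdapter -ErrorAction SilentlyContinue |
        Where-Object Status -eq 'Up' |
        Select-Object Name, InterfaceDescription, Status
}

Write-Host '== Java =='
Write-Host (Test-JavaSetup)

Write-Host '== Listeners on port 8080 =='
$listeners = @(Get-Port8080Listeners)
if ($listeners.Count -eq 0) { Write-Host 'none (start webgoat_8080.bat first)' }
else { $listeners | Format-Table -AutoSize }
if ($listeners.Count -gt 1) {
    Write-Warning 'More than one process listens on 8080: WebGoat and ZAP are colliding; change one of the ports.'
}

Write-Host '== Network adapters still Up =='
$up = @(Get-ActiveAdapters)
if ($up.Count -eq 0) { Write-Host 'none (good while WebGoat is running)' }
else { $up | Format-Table -AutoSize }

$exposed = @($listeners | Where-Object { -not $_.LoopbackOnly })
if ($exposed.Count -gt 0 -and $up.Count -gt 0) {
    Write-Warning 'A port-8080 service is bound to all addresses while an adapter is Up: WebGoat may be reachable from the network.'
}
```

Run it once after Java is installed and again after webgoat_8080.bat and ZAP are both started. If the second run shows two rows under port 8080, change ZAP's local proxy port in its options (or use a different WebGoat start script) before configuring the browser proxy, otherwise Firefox will be talking to whichever process won the bind.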

Additional tools:
Web browser: I recommend using the latest version of Mozilla Firefox.

Activities
Log in and complete the following tasks or lessons in WebGoat:
1‐ Introduction: How to work with WebGoat
2‐ General: HTTP Basics (you need to use ZAP to intercept and modify the server’s response!)
Provide a screenshot of the successful completion of this lesson.

Upload your document on BS.
