[研究]OWASP WebGoat 8.2.2 滲透測試學習平台 (Windows Server 2019)(二)

[研究]OWASP WebGoat 8.2.2 滲透測試學習平台 (Windows Server 2019)(二)

2022-05-16

續這2篇

[研究]OWASP WebGoat 8.2.2、Webwolf 8.2.2滲透測試學習平台安安裝、啟動 (Windows 2019)
https://shaurong.blogspot.com/2022/05/owasp-webgoat-822webwolf-822.html

[研究]OWASP WebGoat 8.2.2 滲透測試學習平台 (Windows 10)

https://shaurong.blogspot.com/2022/05/owasp-webgoat-822-windows-10.html

WebGoat 是一個由 OWASP 維護的、故意不安全的 Web 應用程式，旨在教授 Web 應用程序安全課程。 

Category:OWASP WebGoat Project
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

8.2.2版是2021-09-05 釋出
https://github.com/WebGoat/WebGoat/releases
此處可下載到 webgoat-server-8.2.2.jar 和 webwolf-8.2.2.jar 檔案。

GitHub - WebGoat/WebGoat: WebGoat is a deliberately insecure application
https://github.com/WebGoat/WebGoat

網頁上說需要 Java 17，指令類似如下

java   -Dfile.encoding=UTF-8   -jar   webgoat-8.2.3.jar 

( 會執行失敗，有官方網頁沒說的問題，稍後說 )

Microsoft Build of OpenJDK

https://www.microsoft.com/openjdk

直接下載 (找格式為 .msi 的安裝方便些，此處 .msi 被翻譯成「微星」，看的很不習慣)

https://aka.ms/download-jdk/microsoft-jdk-17.0.2.8.1-windows-x64.msi

Oracle JDK下載

https://www.oracle.com/java/technologies/downloads/#jdk17-windows

直接下載

https://download.oracle.com/java/17/latest/jdk-17_windows-x64_bin.msi

Java 17 安裝後，隨便啟動個「命令提示字元」視窗，測試一下，確認版本。

C:\>java -version openjdk version "17.0.1" 2021-10-19 LTS OpenJDK Runtime Environment Microsoft-28056 (build 17.0.1+12-LTS) OpenJDK 64-Bit Server VM Microsoft-28056 (build 17.0.1+12-LTS, mixed mode, sharing) C:\>

啟動 WebGoat 其實只要下面即可，不用 -Dfile.encoding=UTF-8 參數

java -jar webgoat-server-8.2.2.jar

上次在 Windows Server 2019 會失敗，但這次在 Windows 10 會正常執行，所以又補了這篇。

Microsoft Windows [版本 10.0.17763.2867] (c) 2018 Microsoft Corporation. 著作權所有，並保留一切權利。 C:\Users\Administrator>cd\WebGoat C:\WebGoat>dir 磁碟區 C 中的磁碟沒有標籤。 磁碟區序號: D2BA-DEE4 C:\WebGoat 的目錄 2022/05/16 下午 03:33 <DIR> . 2022/05/16 下午 03:33 <DIR> .. 2022/05/05 下午 01:39 96,411,569 webgoat-server-8.2.2.jar 2022/05/05 下午 01:40 53,814,896 webwolf-8.2.2.jar 2 個檔案 150,226,465 位元組 2 個目錄 87,354,695,680 位元組可用 C:\WebGoat>jar -jar webgoat-server-8.2.2.jar 無效的選項: j 請使用 'jar --help' 以取得更多的資訊。 C:\WebGoat>java -jar webgoat-server-8.2.2.jar 15:33:44.558 [main] INFO org.owasp.webgoat.StartWebGoat - Starting WebGoat with args: . ____ _ __ _ _ /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \ \\/ ___)| |_)| | | | | || (_| | ) ) ) ) ' |____| .__|_| |_|_| |_\__, | / / / / =========|_|==============|___/=/_/_/_/ :: Spring Boot :: (v2.4.3) 2022-05-16 15:33:45.944 INFO 2840 --- [ main] org.owasp.webgoat.StartWebGoat : Starting StartWebGoat v8.2.2 using Java 17.0.2 on WIN-VD8I3DJAJH2 with PID 2840 (C:\WebGoat\webgoat-server-8.2.2.jar started by Administrator in C:\WebGoat) 2022-05-16 15:33:45.944 DEBUG 2840 --- [ main] org.owasp.webgoat.StartWebGoat : Running with Spring Boot v2.4.3, Spring v5.3.4 2022-05-16 15:33:45.944 INFO 2840 --- [ main] org.owasp.webgoat.StartWebGoat : No active profile set, falling back to default profiles: default 2022-05-16 15:33:50.351 INFO 2840 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode. 2022-05-16 15:34:19.882 INFO 2840 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 181 ms. Found 2 JPA repository interfaces. 2022-05-16 15:34:20.945 WARN 2840 --- [ main] io.undertow.websockets.jsr : UT026010: Buffer pool was not set on WebSocketDeploymentInfo, the default pool will be used 2022-05-16 15:34:20.975 INFO 2840 --- [ main] io.undertow.servlet : Initializing Spring embedded WebApplicationContext 2022-05-16 15:34:20.975 INFO 2840 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 34847 ms 2022-05-16 15:34:21.285 INFO 2840 --- [ main] org.owasp.webgoat.HSQLDBDatabaseConfig : Starting internal database on port 9001 ... [Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) entered [Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) exited [Server@6e9c413e]: [Thread[main,5,main]]: setDatabaseName(0,webgoat) [Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) entered [Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) exited [Server@6e9c413e]: [Thread[main,5,main]]: setDatabasePath(0,C:\Users\Administrator/.webgoat-8.2.2//data/webgoat) [Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) entered [Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) exited [Server@6e9c413e]: [Thread[main,5,main]]: setDaemon(true) [Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) entered [Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) exited [Server@6e9c413e]: [Thread[main,5,main]]: setAddress(127.0.0.1) [Server@6e9c413e]: [Thread[main,5,main]]: setTrace(false) [Server@6e9c413e]: Initiating startup sequence... [Server@6e9c413e]: Server socket opened successfully in 0 ms. 2022-05-16 15:34:21.590 INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE : Checkpoint start 2022-05-16 15:34:21.590 INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE : checkpointClose start 2022-05-16 15:34:21.590 INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE : checkpointClose synched 2022-05-16 15:34:21.590 INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE : checkpointClose script done 2022-05-16 15:34:21.622 INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE : checkpointClose end 2022-05-16 15:34:21.628 INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE : Checkpoint end - txts: 1 [Server@6e9c413e]: Database [index=0, id=0, db=file:C:\Users\Administrator/.webgoat-8.2.2//data/webgoat, alias=webgoat] opened successfully in 295 ms. [Server@6e9c413e]: Startup sequence completed in 295 ms. [Server@6e9c413e]: 2022-05-16 07:34:21.628 HSQLDB server 2.5.1 is online on port 9001 [Server@6e9c413e]: To close normally, connect and execute SHUTDOWN SQL [Server@6e9c413e]: From command line, use [Ctrl]+[C] to abort abruptly 2022-05-16 15:34:21.800 INFO 2840 --- [ main] o.f.c.internal.license.VersionPrinter : Flyway Community Edition 7.1.1 by Redgate 2022-05-16 15:34:22.002 INFO 2840 --- [ main] o.f.c.i.database.base.DatabaseType : Database: jdbc:hsqldb:hsql://127.0.0.1:9001/webgoat (HSQL Database Engine 2.5) 2022-05-16 15:34:22.080 INFO 2840 --- [ main] o.f.core.internal.database.base.Schema : Creating schema "container" ... 2022-05-16 15:34:22.080 INFO 2840 --- [ main] o.f.c.i.s.JdbcTableSchemaHistory : Creating Schema History table "container"."flyway_schema_history" ... 2022-05-16 15:34:22.142 INFO 2840 --- [ main] o.f.core.internal.command.DbMigrate : Current version of schema "container": null 2022-05-16 15:34:22.159 INFO 2840 --- [ main] o.f.core.internal.command.DbMigrate : Migrating schema "container" to version "1 - init" 2022-05-16 15:34:22.173 INFO 2840 --- [ main] o.f.core.internal.command.DbMigrate : Migrating schema "container" to version "2 - version" 2022-05-16 15:34:22.189 INFO 2840 --- [ main] o.f.core.internal.command.DbMigrate : Successfully applied 2 migrations to schema "container" (execution time 00:00.068s) 2022-05-16 15:34:22.481 INFO 2840 --- [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default] 2022-05-16 15:34:22.684 INFO 2840 --- [ main] org.hibernate.Version : HHH000412: Hibernate ORM core version 5.4.28.Final 2022-05-16 15:34:22.935 INFO 2840 --- [ main] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations {5.1.2.Final} 2022-05-16 15:34:23.278 INFO 2840 --- [ main] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.HSQLDialect 2022-05-16 15:34:24.335 INFO 2840 --- [ main] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform] 2022-05-16 15:34:24.351 INFO 2840 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default' 2022-05-16 15:34:25.654 WARN 2840 --- [ main] o.o.webgoat.lessons.CourseConfiguration : Lesson: webgoat.title has no endpoints, is this intentionally? 2022-05-16 15:34:25.842 WARN 2840 --- [ main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning 2022-05-16 15:34:26.158 INFO 2840 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@72bdd7c7, org.springframework.security.web.context.SecurityContextPersistenceFilter@d5bb1c4, org.springframework.security.web.header.HeaderWriterFilter@7102ac3e, org.springframework.security.web.authentication.logout.LogoutFilter@2f382a5e, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@2e32fc22, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465b38e6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@64dae3b7, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@7d17ee50, org.springframework.security.web.session.SessionManagementFilter@2db2a05f, org.springframework.security.web.access.ExceptionTranslationFilter@772caabe, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@33379242] 2022-05-16T15:34:28.002+08:00 [main] WARN FilenoUtil : Native subprocess control requires open access to the JDK IO subsystem Pass '--add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED' to enable. 2022-05-16 15:34:30.758 INFO 2840 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor' 2022-05-16 15:34:31.227 INFO 2840 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 2 endpoint(s) beneath base path '/actuator' 2022-05-16 15:34:31.294 INFO 2840 --- [ main] io.undertow : starting server: Undertow - 2.2.4.Final 2022-05-16 15:34:31.309 INFO 2840 --- [ main] org.xnio : XNIO version 3.8.0.Final 2022-05-16 15:34:31.340 INFO 2840 --- [ main] org.xnio.nio : XNIO NIO Implementation Version 3.8.0.Final 2022-05-16 15:34:31.472 INFO 2840 --- [ main] org.jboss.threads : JBoss Threads version 3.1.0.Final 2022-05-16 15:34:31.529 INFO 2840 --- [ main] o.s.b.w.e.undertow.UndertowWebServer : Undertow started on port(s) 8080 (http) with context path '/WebGoat' 2022-05-16 15:34:31.553 INFO 2840 --- [ main] org.owasp.webgoat.StartWebGoat : Started StartWebGoat in 46.622 seconds (JVM running for 47.623) 2022-05-16 15:36:15.923 INFO 2840 --- [ XNIO-1 task-2] io.undertow.servlet : Initializing Spring DispatcherServlet 'dispatcherServlet' 2022-05-16 15:36:15.923 INFO 2840 --- [ XNIO-1 task-2] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet' 2022-05-16 15:36:15.923 INFO 2840 --- [ XNIO-1 task-2] o.s.web.servlet.DispatcherServlet : Completed initialization in 0 ms 2022-05-16 15:36:15.955 DEBUG 2840 --- [ XNIO-1 task-2] org.owasp.webgoat.i18n.Messages : Loading properties [messages.properties] with encoding 'UTF-8' 2022-05-16 15:36:15.955 DEBUG 2840 --- [ XNIO-1 task-2] org.owasp.webgoat.i18n.Messages : No properties file found for [classpath:i18n/messages_zh] - neither plain properties nor XML 2022-05-16 15:36:15.955 DEBUG 2840 --- [ XNIO-1 task-2] org.owasp.webgoat.i18n.Messages : No properties file found for [classpath:i18n/messages_zh_TW] - neither plain properties nor XML

執行結果正常

訊息顯示 Undertow started on port(s) 8080 (http) with context path '/WebGoat'

(下圖) 連上
http://localhost:8080/WebGoat

或

http://127.0.0.1:8080/WebGoat
注意，是 HTTP，還有注意 WebGoat 的大小寫

檢查誰用了 Port 8080

Microsoft Windows [版本 10.0.17763.2867] (c) 2018 Microsoft Corporation. 著作權所有，並保留一切權利。 C:\Users\Administrator>netstat -nao | find "8080" TCP 127.0.0.1:8080 0.0.0.0:0 LISTENING 2840 TCP 127.0.0.1:8080 127.0.0.1:49761 TIME_WAIT 0 TCP 127.0.0.1:8080 127.0.0.1:49762 TIME_WAIT 0 TCP 127.0.0.1:8080 127.0.0.1:49763 TIME_WAIT 0 TCP 127.0.0.1:8080 127.0.0.1:49764 TIME_WAIT 0 C:\Users\Administrator>tasklist /fi "pid eq 2840" 映像名稱 PID 工作階段名稱 工作階段 # RAM使用量 ========================= ======== ================ =========== ============ java.exe 2840 Console 1 341,848 K C:\Users\Administrator>

(下圖) 上圖登入畫面按下 Register New User，建立一個帳號就可以登入 

左邊選單是依照 OWASP Top 10:2017 的順序，但是目前最新版已經是 OWASP Top 10:2021，WebGoat 最新版 8.2.2 尚未更上腳步。

首頁 - OWASP Top 10:2021

https://owasp.org/Top10/

https://owasp.org/Top10/zh_TW/

要結束程式，「命令提示字元」中按下 Ctrl-C 中斷程式即可。

********************************************************************************

啟動 WebWolf

有些挑戰需要運行本地網絡服務器。 WebWolf 可當攻擊者，解決 WebGoat 中的一些任務和挑戰。例如，一項任務可能要求提供文件或連接回自己的環境或接收電子郵件。為了在不連接到 Internet 的情況下運行 WebGoat，此工具稱為 WebWolf。

請另外新開一個「命令提示字元」視窗，因為原來的仍在執行中，沒有回到提示字元狀態下，執行下面 ( WebGoat 網站 和 資料庫用的 Port 要和上面啟動時設定相同，免得 WebWolf 找不到資料庫系統 )

Microsoft Windows [版本 10.0.17763.2867] (c) 2018 Microsoft Corporation. 著作權所有，並保留一切權利。 C:\Users\Administrator>cd\WebGoat C:\WebGoat>java -jar webwolf-8.2.2.jar It seems the application is startd on a OS with non default UTF-8 encoding:MS950 Please add: -Dfile.encoding=UTF-8 C:\WebGoat>java -jar webwolf-8.2.2.jar -Dfile.encoding=UTF-8 It seems the application is startd on a OS with non default UTF-8 encoding:MS950 Please add: -Dfile.encoding=UTF-8 C:\WebGoat>java -Dfile.encoding=UTF-8 -jar webwolf-8.2.2.jar . ____ _ __ _ _ /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \ \\/ ___)| |_)| | | | | || (_| | ) ) ) ) ' |____| .__|_| |_|_| |_\__, | / / / / =========|_|==============|___/=/_/_/_/ :: Spring Boot :: (v2.4.3) 2022-05-16 15:41:59.573 INFO 540 --- [ main] org.owasp.webwolf.WebWolf : Starting WebWolf v8.2.2 using Java 17.0.2 on WIN-VD8I3DJAJH2 with PID 540 (C:\WebGoat\webwolf-8.2.2.jar started by Administrator in C:\WebGoat) 2022-05-16 15:41:59.573 DEBUG 540 --- [ main] org.owasp.webwolf.WebWolf : Running with Spring Boot v2.4.3, Spring v5.3.4 2022-05-16 15:41:59.573 INFO 540 --- [ main] org.owasp.webwolf.WebWolf : No active profile set, falling back to default profiles: default 2022-05-16 15:42:02.171 INFO 540 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode. 2022-05-16 15:42:02.296 INFO 540 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 108 ms. Found 2 JPA repository interfaces. 2022-05-16 15:42:03.218 WARN 540 --- [ main] io.undertow.websockets.jsr : UT026010: Buffer pool was not set on WebSocketDeploymentInfo, the default pool will be used 2022-05-16 15:42:03.249 INFO 540 --- [ main] io.undertow.servlet : Initializing Spring embedded WebApplicationContext 2022-05-16 15:42:03.249 INFO 540 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 3539 ms 2022-05-16 15:42:03.746 INFO 540 --- [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default] 2022-05-16 15:42:03.923 INFO 540 --- [ main] org.hibernate.Version : HHH000412: Hibernate ORM core version 5.4.28.Final 2022-05-16 15:42:04.219 INFO 540 --- [ main] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations {5.1.2.Final} 2022-05-16 15:42:04.629 INFO 540 --- [ main] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.HSQLDialect 2022-05-16 15:42:05.716 INFO 540 --- [ main] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform] 2022-05-16 15:42:05.732 INFO 540 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default' 2022-05-16 15:42:06.327 WARN 540 --- [ main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning 2022-05-16 15:42:06.726 INFO 540 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7f353d99, org.springframework.security.web.context.SecurityContextPersistenceFilter@35d5ac51, org.springframework.security.web.header.HeaderWriterFilter@546e61d5, org.springframework.security.web.authentication.logout.LogoutFilter@761e788f, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@22a736d7, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2a3194c6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1e8ab90f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4649d70a, org.springframework.security.web.session.SessionManagementFilter@60783105, org.springframework.security.web.access.ExceptionTranslationFilter@5bc7e78e, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@210308d5] 2022-05-16 15:42:06.898 INFO 540 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor' 2022-05-16 15:42:07.383 INFO 540 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 2 endpoint(s) beneath base path '/actuator' 2022-05-16 15:42:07.414 INFO 540 --- [ main] io.undertow : starting server: Undertow - 2.2.4.Final 2022-05-16 15:42:07.430 INFO 540 --- [ main] org.xnio : XNIO version 3.8.0.Final 2022-05-16 15:42:07.461 INFO 540 --- [ main] org.xnio.nio : XNIO NIO Implementation Version 3.8.0.Final 2022-05-16 15:42:07.585 INFO 540 --- [ main] org.jboss.threads : JBoss Threads version 3.1.0.Final 2022-05-16 15:42:07.647 INFO 540 --- [ main] o.s.b.w.e.undertow.UndertowWebServer : Undertow started on port(s) 9090 (http) 2022-05-16 15:42:07.663 INFO 540 --- [ main] org.owasp.webwolf.WebWolf : Started WebWolf in 8.975 seconds (JVM running for 9.72)

訊息顯示 Undertow started on port(s) 9090 (http)

連上

http://localhost:9090/WebWolf

注意，是 HTTP，還有注意 WebWolf 的大小寫

會自動轉址到

http://localhost:9090/login

帳號、密碼用剛剛 WebGoat 註冊的就可以登入了。

結論：情況有些出乎預料，

第1次 Windows Server 2019上安裝很不順利，

第2次 Windows 10上安裝很順利，

第3次 Windows Server 2019上安裝很順利。

(完)

相關

[研究]OWASP WebGoat 8.2.2 滲透測試學習平台 (Windows Server 2019)(二)
https://shaurong.blogspot.com/2022/05/owasp-webgoat-822-windows-server-2019.html

[研究]OWASP WebGoat 8.2.2 滲透測試學習平台 (Windows 10)

https://shaurong.blogspot.com/2022/05/owasp-webgoat-822-windows-10.html

[研究]OWASP WebGoat 8.2.2、Webwolf 8.2.2滲透測試學習平台安安裝、啟動 (Windows 2019)
https://shaurong.blogspot.com/2022/05/owasp-webgoat-822webwolf-822.html

[研究] OWASP WebGoat 8.0 安裝
http://shaurong.blogspot.com/2018/06/owasp-webgoat-80.html

[研究] OWASP WebGoatFor.Net 安裝
http://shaurong.blogspot.com/2016/12/owasp-webgoatfornet.html

[研究] OWASP WebGoat 7.1 安裝
http://shaurong.blogspot.com/2016/12/owasp-webgoat-71.html

[研究] OWASP Zed Attack Proxy (ZAP) 2.4.2、2.6.0 滲透測試、弱點掃描工具安裝與試用
http://shaurong.blogspot.com/2015/10/owasp-zed-attack-proxy-zap-242.html