#Webgoat

##1.Webgoat是干什么的 WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat. There are other 'goats' such as WebGoat for .Net. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application aims to provide a realistic teaching environment, providing users with hints and code to further explain the lesson.

##2.安装启动

1. 下载地址： https://github.com/WebGoat/WebGoat/releases 下载下来的就是一个jar包

2. java -jar webgoat-container-7.0.1-war-exec.jar （需要安装JDK）

##3. 应用

浏览器打开http://127.0.0.1:8080/WebGoat/login.mvc 左侧就是它可以用的课程。solution是答案，hints是提示。