OWASP WebGoat

OWASP, the Open Web Application Security Project, is an open source community that shares best practices, tools, guidelines and applications in the IT field of information security. Every year, conferences are held in several places where members and all interested parties come together.

Running WebGoat

Here are some pages that describe how to run WebGoat locally on a Windows/Mac host using Docker/Kubernetes, or on several Cloud Container service providers:

Integration with other OWASP projects

OWASP WebGoat uses a menu of lessons organised according to the OWASP Top 10. The exercises explain the use of OWASP ZAP. Once you are able to solve the assignments, you can try to use the OWASP ModSecurity CRS as a Web Application Firewall to see how effective it is in stopping attacks on the vulnerabilities in WebGoat.

The OWASP Top 10 is published every 5 years and lists the top 10 known and most problematic vulnerabilities.
OWASP WebGoat is an application where you can learn about these vulnerabilities. The application has built-in vulnerabilities so that you can test them, learn about them and see how to mitigate them.
OWASP ZAP is an intercepting proxy which you can use in the assignments for WebGoat.