WebGoat is a project by OWASP that uses as lessons for developers to understand common security loop hole.
There is two ways of running that. The first one is simply downloading the bundled WAR file, and it can be run with this command
java -jar webgoat-container-7.0.1-war-exec.jar
The other way is checking out the source code, and run with your favorite IDE. In my case I use IntelliJ
Basically the folder structure is as followed.
WebGoatWS - WebGoat - - webgoat-container - WebGoat-Lessons
Both WebGoat and WebGoat-Lessons are git repository. They require Maven to run. To run it locally, We need to download the WebGoat and WebGoat-Lessons.
mkdir WebGoatWS cd WebGoatWS git clone https://github.com/WebGoat/WebGoat.git git clone https://github.com/WebGoat/WebGoat-Lessons.git
And then create a Workspace in IntelliJ in WebGoatWS level.
After that, we have to create three maven profile. The equivalent in command line is as followed
cd WebGoat mvn install
cd WebGoat-Lessons mvn install
After compiling both projects, we need to copy the lessons JARs from WebGoat-Lessons to WebGoat
cp WebGoat-Lesson/target/plugins/*.jar WebGoat/webgoat-container/src/main/webapp/plugin_lessons/
Finally, the app can be started with the following command.
cd WebGoat/webgoat-container mvn tomcat7:run-war
We can access the App with http://localhost:8080/WebGoat/