WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP, designed to teach web application security lessons and practices through hands-on experimentation.

Language

JavaScript

Latest Release

v2025.3

License

Other

Our Newsletter

Get new Security tools right in your inbox

Get short emails with useful security projects, releases, and repos worth watching.

Key Features

Deliberately vulnerable web application for learning security
Hands-on tutorials with real vulnerabilities
Covers common web security risks and mitigations
Role-based user scenarios
Widely used in security training and workshops

Alternative Tools

DVWAJuice ShopMutillidaebWAPP

Resources

GitHub Repository Official Website

Community

Stars

8.8k

Open Issues

Forks

7.0k