Home WebGoat
WebGoat
WebGoat is a deliberately insecure web application maintained by OWASP, designed to teach web application security lessons and practices through hands-on experimentation.
Language
JavaScript
Latest Release
v2025.3
License
Other
Key Features
- Deliberately vulnerable web application for learning security
- Hands-on tutorials with real vulnerabilities
- Covers common web security risks and mitigations
- Role-based user scenarios
- Widely used in security training and workshops
Alternative Tools
DVWAJuice ShopMutillidaebWAPP
Resources
Community
Stars
8.8k
Open Issues
49
Forks
7.0k