For the OWASP EU Tour London event I showed the WebGoat.NET vulnerable web app (which is a .NET variation of the highly successful Java-based OWASP WebGoat project).
Here are (draft) notes on my efforts to get WebGoat.Net up and running (which might help others since there is very little documentation about this great new OWASP Project).
After cloning from https://github.com/jerryhoff/WebGoat.NET and using the code from the https://github.com/jerryhoff/WebGoat.NET/tree/new-lessons branch (note that there is now the https://github.com/OWASP/WebGoat.NET repo, which is a better home for this code), I was able to get WebGoat.Net running (see below the probs I had to solve), and here is what the first page looks like:
Clicking on ‘Customer Login’ takes us to a login page:
Where we can see an SQL Injection in action:
Note the Mono.Data.Sqlite.SqliteException: SQLite error near "bbb" message
At the moment the login doesn’t seem to be really working, since we can log in as any user with no password:
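Why a stray quote in the login form surfaces as a near "bbb" SQLite error, and how a bound parameter removes it, as an added example that is not WebGoat.NET's own code. It uses Python's sqlite3 module as a stand-in for Mono.Data.Sqlite (same SQLite engine); the table, column names, query shape and sample input are assumptions, since the post does not show the application's query.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions,
    # and the plaintext password only keeps the sample short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO customers VALUES ('alice@example.com', 's3cret')")
    return db

def _run(db, sql, params=()):
    # Returns (logged_in, error_text); error_text is what a verbose
    # error page would leak to the browser.
    try:
        return db.execute(sql, params).fetchone() is not None, None
    except sqlite3.OperationalError as exc:
        return False, str(exc)

def login_concat(db, email, password):
    # Vulnerable form: input becomes part of the SQL text.
    sql = ("SELECT email FROM customers WHERE email = '" + email +
           "' AND password = '" + password + "'")
    return _run(db, sql)

def login_param(db, email, password):
    # Hardened form: input is bound as data and never parsed as SQL.
    sql = "SELECT email FROM customers WHERE email = ? AND password = ?"
    return _run(db, sql, (email, password))

if __name__ == "__main__":
    db = make_db()
    stray_quote = "aaa' bbb"   # constructed input containing a stray quote
    print("concatenated:", login_concat(db, stray_quote, ""))
    print("parameterized:", login_param(db, stray_quote, ""))
    print("valid login:", login_param(db, "alice@example.com", "s3cret"))
```

The other half of the fix is to keep exception text out of the response and log it server-side, so the page never shows the database error to the client.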
BE INVOLVED and HELP this project:
There doesn't seem to be a lot of documentation and help about this project, so if you are looking for a nice project to be involved, this is a good one.
I enabled the GitHub Issues in the repo, and added a couple in there to kickstart it:
Next are my draft notes and screenshots about how I got WebGoat.Net to run
Forking the original REPO into the OWASP Organization
From https://github.com/jerryhoff/WebGoat.NET I forked into https://github.com/OWASP/WebGoat.NET
where I pushed my changes into the VS_2010 branch
Here are the two commits I added
Here is the Network map (note that my changes were made from the new-lessons branch):
Installation Process (Creating the Database)
After dealing with the errors described below, this is what the first page looks like
clicking on Set Up Database! gives us:
And clicking on the Rebuild Database (after setting the Client Executable value)
created a test database for us:
Errors and issues that were solved during setup
Initially I had an error happening because of a failure to load the SQLITE3 dll by Mono.Data.Sqlite (see $exception value below)
The solution was to copy the sqlite3.dll version from http://sqlite.org/download.html to the bin folder
Where I also copied the sqlite3.exe (which was used during the install)
Weird errors:
After upgrading to VS 2010, I got this error on first execution:
Looking at the references, it looks like System.Core.dll is missing
But it can’t seem to be added using Add References:
This was solved by removing the using statements and other references to System.Linq
Other weird errors were (resolved after a code recompile)
and (also resolved after a server recompile):