I gave this talk in one of the internal sessions at Trantor. The goal was to acquaint one of our software teams with the world of application security. This was a basic talk, just to familiarize attendees with basic information security concepts. I leveraged this opportunity to propose setting up a Red Team in Trantor.
As the practical part of this session, I created a Docker-based virtual lab with WebGoat set up. During the session we went through some of the exercises; the rest were left for the attendees as homework. Here's the Compose file that was used in the session.
```yaml
version: '3'
services:
  webgoat:
    image: webgoat/webgoat-8.0
    environment:
      - WEBWOLF_HOST=webwolf
      - WEBWOLF_PORT=9090
    ports:
      - "8080:8080"
      - "9001:9001"
    volumes:
      - ./docker-volumes/webgoat-home:/home/webgoat/.webgoat
  webwolf:
    image: webgoat/webwolf
    ports:
      - "9090:9090"
    command: --spring.datasource.url=jdbc:hsqldb:hsql://webgoat:9001/webgoat --server.address=0.0.0.0
```
To start the lab, simply create a directory, save the above snippet as `docker-compose.yml`, and run `docker-compose up` in it. You will then be able to access WebGoat at http://localhost:8080/WebGoat
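WebGoat is deliberately vulnerable, and a Compose mapping written as "8080:8080" publishes the port on every host interface, not only on localhost. The check below is an added example, not part of the original post; the function name `nonlocal_ports` and the sample file are constructed for illustration, and it handles only the short string port syntax with IPv4 addresses.

```shell
#!/bin/sh
# Added example: report Compose port mappings that are not bound to loopback.
# Handles only the short string syntax ("HOST:CONTAINER", "IP:HOST:CONTAINER")
# with IPv4 addresses; the function name and sample file are constructed.

# nonlocal_ports FILE -> one "service mapping" line per exposed mapping
nonlocal_ports() {
    awk '
        # A key indented by exactly two spaces names the current service.
        /^  [A-Za-z0-9_.-]+:[ \t]*$/ { svc = $1; sub(/:$/, "", svc); in_ports = 0; next }
        /^    ports:[ \t]*$/         { in_ports = 1; next }
        # Any other key at service level ends the ports list.
        /^    [A-Za-z_]+:/           { in_ports = 0; next }
        in_ports && /^[ \t]*-/ {
            m = $0
            sub(/^[ \t]*-[ \t]*/, "", m)      # drop the list marker
            sub(/[ \t]+#.*$/, "", m)          # drop a trailing comment
            gsub("[^0-9a-z.:/-]", "", m)      # drop quotes and stray spaces
            spec = m
            sub("/.*$", "", spec)             # ignore a /tcp or /udp suffix
            n = split(spec, p, ":")
            # Without an explicit 127.x.x.x host IP, Docker publishes on all interfaces.
            if (n < 3 || p[1] !~ /^127\./) print svc, m
        }
    ' "$1"
}

# Constructed sample: the lab services, with one mapping already pinned to loopback.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  webgoat:
    image: webgoat/webgoat-8.0
    ports:
      - "8080:8080"
      - "127.0.0.1:9001:9001"
  webwolf:
    image: webgoat/webwolf
    ports:
      - "9090:9090"
EOF
nonlocal_ports "$sample"    # prints: webgoat 8080:8080 and webwolf 9090:9090
rm -f "$sample"
```

Prefixing each flagged mapping with `127.0.0.1:` keeps the lab reachable at http://localhost:8080/WebGoat while keeping it off the network.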