I gave this talk in one of internal sessions at Trantor. Goal was to acquaint one of our software teams into the world of application security. This was a basic talk, just to familiarize attendees with basic information security concepts. I leveraged this opportunity to propose setting up a Red Team in Trantor.
As practical part of this session, I created a docker based virtual lab with webgoat set up. During the session we went through some of the exercises, rest were left for the attendees as homework. Here’s the
docker-compose.yml file that was used in the session.
version: '3' services: webgoat: image: webgoat/webgoat-8.0 environment: - WEBWOLF_HOST=webwolf - WEBWOLF_PORT=9090 ports: - "8080:8080" - "9001:9001" volumes: - ./docker-volumes/webgoat-home:/home/webgoat/.webgoat webwolf: image: webgoat/webwolf ports: - "9090:9090" command: --spring.datasource.url=jdbc:hsqldb:hsql://webgoat:9001/webgoat --server.address=0.0.0.0
To start the lab, simply create a directory, save above snippet as
docker-compose.yml, and run
docker-compose up in it. You will then be able to access webgoat on http://localhost:8080/WebGoat