Robin Niinemets

Cybersecurity Student

Helsinki, Finland

WebGoat running on Docker

Containerizing Hacking Platform

This was a small project that I did as part of my studies in cybersecurity. The goal was to containerize a hacking platform called WebGoat using Docker. The project was a great learning experience, as it allowed me to get hands-on experience with containerization and learn more about how Docker works.

Role

Cybersecurity Student

Duration

5 Hours

Tools

Docker

WebGoat

ZAP

✘ What is WebGoat?

WebGoat is a deliberately insecure web application, maintained by OWASP and designed to teach web application security lessons. The project is a great way to learn about common web application vulnerabilities and how to prevent them.

WebGoat is a Java web application that contains a number of lessons that cover topics such as SQL injection, cross-site scripting, and more. The lessons are designed to be hands-on and interactive, allowing users to learn by doing. WebGoat is a great tool for anyone looking to learn more about web application security, whether you are a developer, tester, or security professional.

✘ Why run it on Docker?

Docker is a containerization platform that allows you to package and run applications in isolated environments called containers. By running WebGoat on Docker, you can easily deploy and run the application on any system that supports Docker, without having to worry about dependencies or configuration issues. This makes it easy to set up and run WebGoat in a consistent and reproducible way, which is important when working with security tools like WebGoat.

Docker also provides security benefits by isolating the application in its own container, which helps prevent vulnerabilities in the application from affecting the host system. This is especially important when working with insecure applications like WebGoat, as it helps protect the host system from potential attacks.

Overall, running WebGoat on Docker is a great way to simplify the deployment and management of the application, while also providing security benefits that help protect the host system from potential attacks. And to me personally it was easy to learn and understand how Docker works.
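A way to start the lab that follows from the isolation point above, added here as an example and not part of the original project: it assumes the public `webgoat/webgoat` image and its 8080/9090 ports, and the function names are hypothetical. The audit rejects any port publish that is not bound to loopback, because a port published on all interfaces lets other machines on the network reach the deliberately insecure application.

```shell
#!/bin/sh
# Added example. Image name, ports and resource limits are assumptions.
IMAGE="webgoat/webgoat"

# Succeeds only when a publish spec pins the host side to a loopback address.
publish_is_loopback() {
    case "$1" in
        127.*:*:*|"[::1]":*:*) return 0 ;;  # ip:hostPort:containerPort
        *) return 1 ;;                      # no IP given means all interfaces
    esac
}

# Walks docker-run arguments and prints every publish option that would
# expose the lab to other hosts. Returns non-zero if any were found.
audit_run_args() {
    bad=0
    prev=""
    for arg in "$@"; do
        case "$prev" in
            -p|--publish)
                publish_is_loopback "$arg" || { echo "exposed: $arg"; bad=1; } ;;
        esac
        case "$arg" in
            --publish=*)
                publish_is_loopback "${arg#--publish=}" || { echo "exposed: $arg"; bad=1; } ;;
            -P|--publish-all)
                echo "exposed: $arg"; bad=1 ;;
        esac
        prev=$arg
    done
    return "$bad"
}

# Argument list for the lab container: no extra capabilities, no privilege
# escalation, bounded processes and memory, ports reachable from this host only.
webgoat_args() {
    echo "--rm --cap-drop=ALL --security-opt no-new-privileges" \
         "--pids-limit 512 --memory 1g" \
         "-p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 $IMAGE"
}

# Start the container only when asked to, and only if the audit passes.
if [ "${1:-}" = "start" ]; then
    # Word splitting of the argument list is intended here.
    audit_run_args $(webgoat_args) && exec docker run $(webgoat_args)
fi
```

Run the script with `start` as its first argument to launch the container; without it, the script only defines the functions.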

✘ What did I really learn?

Some modules I did on WebGoat were [A3] SQL Injection, [A7] Identity & Auth Failure and [A9] Logging security. I learned how to exploit SQL injection vulnerabilities, how to bypass authentication controls, and how log spoofing and log bleeding work. I also learned how to use tools like ZAP to identify and exploit vulnerabilities in web applications.

✘ Conclusion

Right now I am still doing WebGoat modules and learning more about cybersecurity. I am also learning more about Docker and how to use it in different projects. I am planning to do more projects like this in the future, as I believe that hands-on experience is the best way to learn about cybersecurity.

Docker is a great tool for containerizing applications and simplifying the deployment process. I personally enjoyed working with Docker and WebGoat, and I look forward to using Docker in future projects.