Welcome to Cycubix Docs
  • Welcome to Cycubix Docs
  • Our Cybersecurity Training Courses
  • Application Security Series
    • Web Application Security Essentials
      • Introduction | Web Application Security Essentials | Cycubix Docs
      • WebGoat | Web Application Security Essentials | Cycubix Docs
        • WebGoat Installation | Web Application Security | Cycubix Docs
          • Stand-alone
          • Docker
        • WebGoat & WebWolf Run | Web Application Security | Cycubix Docs
        • WebGoat Configuration | Web Application Security | Cycubix Docs
        • WebWolf | Web Application Security | Cycubix Docs
          • Webwolf Upload | WebWolf | Web Application Security | Cycubix
          • Webwolf Mail | WebWolf | Web Application Security | Cycubix
          • WebWolf Landing Page | Web Application Security | Cycubix Docs
        • WebGoat & WebWolf System Requirements | Cycubix Docs
      • ZAP | Web Application Security Essentials | Cycubix Docs
        • ZAP | Download & Installation | Cycubix Docs
        • ZAP | Persist ZAP Session | Cycubix Docs
        • ZAP | ZAP Proxy | Cycubix Docs
      • WebGoat Labs | Web Application Security Essentials | Cycubix Docs
        • General | HTTP Basics | Cycubix Docs
          • General | HTTP Basics (1) | Cycubix Docs
          • General | HTTP Basics (2) | Cycubix Docs
          • General | HTTP Basics (3) | Cycubix Docs
        • General | HTTP Proxies | Cycubix Docs
          • General | HTTP Proxies (1) | Cycubix Docs
          • General | HTTP Proxies (2) | Cycubix Docs
          • General | HTTP Proxies (3) | Cycubix Docs
          • General | HTTP Proxies (4) | Cycubix Docs
          • General | HTTP Proxies (5) | Cycubix Docs
          • General | HTTP Proxies (6) | Cycubix Docs
          • General | HTTP Proxies (7) | Cycubix Docs
          • General | HTTP Proxies (8) | Cycubix Docs
          • General | HTTP Proxies (9) | Cycubix Docs
        • General | Developer Tools | Cycubix Docs
          • General | Developer Tools (1) | Cycubix Docs
          • General | Developer Tools (2) | Cycubix Docs
          • General | Developer Tools (3) | Cycubix Docs
          • General | Developer Tools (4) | Cycubix Docs
          • General | Developer Tools (5) | Cycubix Docs
          • General | Developer Tools (6) | Cycubix Docs
        • General | The CIA Triad | Cycubix Docs
          • General | The CIA Triad (1) | Cycubix Docs
          • General | The CIA Triad (2) | Cycubix Docs
          • General | The CIA Triad (3) | Cycubix Docs
          • General | The CIA Triad (4) | Cycubix Docs
          • General | The CIA Triad (5) | Cycubix Docs
        • A1:2021 | Broken Access Control | Cycubix Docs
          • A1:2021 | Hijack a Session | Cycubix Docs
            • A1:2021 | Hijack a Session (1) | Cycubix Docs
            • A1:2021 | Hijack a Session (2) | Cycubix Docs
          • A1:2021 | Insecure Direct Object Reference | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (1) | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (2) | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (3) | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (4) | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (5) | Cycubix Docs
            • A1:2021 | Insecure Direct Object Reference (6) | Cycubix Docs
          • A1:2021 | Missing Function Level Access Control | Cycubix Docs
            • A1:2021 | Missing Function Level Access Control (1) | Cycubix Docs
            • A1:2021 | Missing Function Level Access Control (2) | Cycubix Docs
            • A1:2021 | Missing Function Level Access Control (3) | Cycubix Docs
            • A1:2021 | Missing Function Level Access Control (4) | Cycubix Docs
          • A1:2021 | Spoofing an Authentication Cookie | Cycubix Docs
            • A1:2021 | Spoofing an Authentication Cookie (1) | Cycubix Docs
            • A1:2021 | Spoofing an Authentication Cookie (2) | Cycubix Docs
        • A2:2021 | Cryptographic Failures | Cycubix Docs
          • A2:2021 | Crypto Basics (1) | Cycubix Docs
          • A2:2021 | Crypto Basics (2) | Cycubix Docs
          • A2:2021 | Crypto Basics (3) | Cycubix Docs
          • A2:2021 | Crypto Basics (4) | Cycubics Docs
          • A2:2021 | Crypto Basics (5) | Cycubix Docs
          • A2:2021 | Crypto Basics (6) | Cycubix Docs
          • A2:2021 | Crypto Basics (7) | Cycubix Docs
          • A2:2021 | Crypto Basics (8) | Cycubix Docs
          • A2:2021 | Crypto Basics (9) | Cycubix Docs
        • A3:2021 | Injection | Cycubix Docs
          • A3:2021 | SQL Injection Intro | Cycubix Docs
            • A3:2021 | SQL Injection Intro (1) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (2) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (3) | Cycubix Docs
            • A3:2021 | SQL injection Intro (4) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (5) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (6) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (7) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (8) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (9) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (10) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (11) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (12) | Cycubix Docs
            • A3:2021 | SQL Injection Intro (13) | Cycubix Docs
          • A3:2021 | SQL Injection Advanced | Cycubix Docs
            • A3:2021 | SQL Injection Advanced (1) | Cycubix Docs
            • A3:2021 | SQL Injection Advanced (2) | Cycubix Docs
            • A3:2021 | SQL Injection Advanced (3) | Cycubix Docs
            • A3:2021 | SQL Injection Advanced (4) | Cycubix Docs
            • A3:2021 |SQL Injection Advanced (5) | Cycubix Docs
            • A3:2021 | SQL Injection Advanced (6)| Cycubix Docs
          • A3:2021 | Injection | SQL Injection Mitigation | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (1) | Cycubics Docs
            • A3:2021 | SQL Injection Mitigation (2) |
            • A3:2021 | SQL Injection Mitigation (3) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (4) | Cycubix Docs
            • A3:2021 | SQL injection Mitigation (5) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (6) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (7) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (8) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (9) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (10) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (11) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (12) | Cycubix Docs
            • A3:2021 | SQL Injection Mitigation (13) | Cycubix Docs
          • A3:2021 | Cross-Site Scripting (XSS) | Cycubix Docs
            • A3:2021 | Cross Site Scripting XXS (1) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (2) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (3) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (4) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (5) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (6) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (7) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (8) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (9) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (10) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (11) | Cycubix Docs
            • A3:2021 | Cross Site Scripting (XSS) (12) | Cycubix Docs
          • A3:2021 | Cross Site Scripting Stored | Cycubix Docs
            • A3:2021 | Cross Site Scripting Stored (1) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Stored (2)
            • A3:2021 | Cross Site Scripting Stored (3) | Cycubix Docs
          • A3:2021 | Cross Site Scripting Mitigation | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (1) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (2) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (3) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (4) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (5) | Cycubix Docs
            • A3:2021 | Cross Site Scripting Mitigation (6) |
          • A3:2021 | Path Transversal | Cycubix Docs
            • A3: 2021 | Path Transversal (1) | Cycubix Docs
            • A3:2021 | Path Transversal (2) | Cycubix Docs
            • A3:2021 | Path Transversal (3) | Cycubix Docs
            • A3:2021 | Path Transversal (4) | Cycubix Docs
            • A3:2021 | Path Transversal (5) | Cycubix Docs
            • A3:2023 | Path Transversal (6) | Cycubix Docs
            • A3:2021 | Path Transversal (7) | Cycubix Docs
            • A3:2021 | Path Transversal (8) | Cycubix Docs
        • A5:2021 | Security Misconfiguration | Cycubix Docs
          • A5:2021 | Security Misconfiguration (1) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (2) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (3) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (4) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (5) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (6) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (7) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (8) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (9) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (10) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (11) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (12) | Cycubix Docs
          • A5:2021 | Security Misconfiguration (13) | Cycubix Docs
        • A6:2021 | Vulnerable and Outdated Components | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (1) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (2) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (3) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (4) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (5) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (6) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (7) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (8) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (9) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (10) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (11) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (12) | Cycubix Docs
          • A6:2021 | Vulnerable and Outdated Components (13) | Cycubix Docs
        • A7:2021 | Identity and Authentication Failure | Cycubix Docs
          • A7:2021 | Authentication Bypasses | Cycubix Docs
            • A7:2021 | Authentication Bypasses (1) | Cycubix Docs
            • A7:2021 | Authentication Bypasses (2) | Cycubix Docs
          • A7:2021 | Insecure Login | Cycubix Docs
            • A7:2021 | Insecure Login (1) | Cycubix Docs
            • A7:2021 | Insecure Login (2) | Cycubix Docs
          • A7: 2021 | JWT Tokens | Cycubix Docs
            • A7: 2021 | JWT Tokens (1) | Cycubix Docs
            • A7: 2021 | JWT Tokens (2) | Cycubix Docs
            • A7: 2021 | JWT Tokens (3) | Cycubix Docs
            • A7: 2021 | JWT Tokens (4) | Cycubix Docs
            • A7: 2021 | JWT Tokens (5) | Cycubix Docs
            • A7: 2021 | JWT Tokens (6) | Cycubix Docs
            • A7: 2021 | JWT Tokens (7) | Cycubix Docs
            • A7: 2021 | JWT Tokens (8) | Cycubix Docs
            • A7: 2021 | JWT Tokens (9) | Cycubix Docs
            • A7: 2021 | JWT Tokens (10) | Cycubix Docs
            • A7: 2021 | JWT Tokens (11) | Cycubix Docs
            • A7: 2021 | JWT Tokens (12) | Cycubix Docs
            • A7: 2021 | JWT Tokens (13) | Cycubix Docs
            • A7: 2021 | JWT Tokens (14) | Cycubix Docs
            • A7: 2021 | JWT Tokens (15) | Cycubix Docs
            • A7: 2021 | JWT Tokens (16) | Cycubix Docs
            • A7: 2021 | JWT Tokens (17) | Cycubix Docs
            • A7: 2021 | JWT Tokens (18) | Cycubix Docs
            • A7: 2021 | JWT Tokens (19) | Cycubix Docs
          • A7:2021 | Password Reset | Cycubix Docs
            • A7:2021 | Password Reset (1) | Cycubix Docs
            • A7:2021 | Password Reset (2) | Cycubix Docs
            • A7:2021 | Password Reset (3) | Cycubix Docs
            • A7:2021 | Password Reset (4) | Cycubix Docs
            • A7:2021 | Password Reset (5) | Cycubix Docs
            • A7:2021 | Password Reset (6) | Cycubix Docs
            • A7:2021 | Password Reset (7) | Cycubix Docs
          • A7:2021 | Secure Passwords | Cycubix Docs
            • A7:2021 | Secure Passwords (1) | Cycubix Docs
            • A7:2021 | Secure Passwords (2) | Cycubix Docs
            • A7:2021 | Secure Passwords (3) | Cycubix Docs
            • A7:2021 | Secure Passwords (4) | Cycubix Docs
            • A7:2021 | Secure Passwords (5) | Cycubix Docs
            • A7:2021 | Secure Passwords (6) | Cycubix Docs
        • A8:2021 | Software and Data Integrity | Cycubix Docs
          • A8:2021 | Software and Data Integrity | Insecure Deserialization (1) | Cycubix Docs
          • A8:2021 | Software and Data Integrity | Insecure Deserialization (2) | Cycubix Doc
          • A8:2021 | Software and Data Integrity | Insecure Deserialization (3) | Cycubix Doc
          • A8:2021 | Software and Data Integrity | Insecure Deserialization (4) | Cycubix Doc
          • A8:2021 | Software and Data Integrity | Insecure Deserialization (5) | Cycubix Doc
        • A9:2021 | Security Logging Failures | Cycubix Docs
          • A9:2021 | Logging Security (1) | Cycubix Docs
          • A9:2021 | Logging Security (2) | Cycubix Docs
          • A9:2021 | Logging Security (3) | Cycubix Docs
          • A9:2021 | Logging Security (4) | Cycubix Docs
          • A9:2021 | Logging Security (5) | Cycubix Docs
        • A10: 2021 | Server Side Request Forgery | Cycubix Docs
          • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (1) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (2) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (3) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (4) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (5) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (6) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (7) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (8) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery | Cross Site Request Forgery (9) | Cycubix Docs
          • A10:2021 | Client Side Request Forgery | Cycubix Docs
            • A10:2021 | Server Side Request Forgery (1) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery (2) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery (3) | Cycubix Docs
            • A10:2021 | Server Side Request Forgery (4) | Cycubix Docs
        • Client Side | Cycubix Docs
          • Client Side | Bypass Front End Restrictions | Cycubix Docs
            • Client Side | Bypass Front End Restrictions (1) | Cycubix Docs
            • Client Side | Bypass Front End Restrictions (2) | Cycubix Docs
            • Client Side | Bypass Front End Restrictions (3) | Cycubix Docs
          • Client Side Filtering | Cycubix Docs
            • Client Side | Client Side Filtering (1) | Cycubix Docs
            • Client Side | Client Side Filtering (2) | Cycubix Docs
            • Client Side | Client Side Filtering (3) | Cycubix Docs
          • Client Side | HTML Tampering | Cycubix Docs
            • Client Side | HTML Tampering (1) | Cycubix Docs
            • Client Side | HTML Tampering (2) | Cycubix Docs
            • Client Side | HTML Tampering (3) | Cycubix Docs
        • Challenges | Cycubix Docs
          • Challenges | Admin Lost Password | Cycubix Docs
          • Challenges | Without password | Cycubix Docs
          • Challenges | Admin Password Reset | Cycubix Docs
          • Challenges | Without Account | Cycubox Docs
  • ISC2 Courses
    • CCSP
      • CCSP Domains
      • CCSP Resource Materials
        • CCSP Mind Map | Cycubix Docs
        • CCSP Official Study Guide
        • CCSP Official Practice Tests
        • CCSP Online Test Bank
    • CISSP
      • CISSP Domains
        • Domain 1: Security and Risk Management
        • Domain 2: Asset Security
          • Link Encryption vs End-to-End Encryption
        • Domain 3: Security Architecture and Engineering
        • Domain 4: Communication and Network Security
        • Domain 5: Identity and Access Management (IAM)
        • Domain 6: Security Assessment and Testing
        • Domain 7: Security Operations
        • Domain 8: Software Development Security
      • CISSP Resource Materials
        • CISSP Official Flashcards
        • CISSP Mind Map | Cycubix Docs
        • CISSP Exam Outline
        • CISSP Official Study Guide
        • CISSP Official Practice Tests
        • CISSP Online Test Bank
        • CISSP Glossary
    • CSSLP
      • CSSLP Resource Materials
        • ISC2 CSSLP Official Flashcards
        • CSSLP Mind Map | Cycubix Docs
        • CSSLP Exam Outline | Cycubix Docs
    • Lexicon
      • A
      • B
  • AWS Courses
    • AWS Certified Security – Specialty (SCS-C02)
  • Crowdstrike
    • Troubleshooting Mac Devices
      • Mac sensors on macOS Ventura may fail to remove Falcon.app when uninstalling
      • System Extensions not activated
  • Jamf
    • Jamf Protect
Powered by GitBook
On this page
  • Method 1 - WebGoat and WebWolf All-in-One Image
  • Method 2 - WebGoat and WebWolf Docker Compose
  • How Docker and WebGoat Work Together?
  • Accessing WebGoat in a Browser
  • Communication Flow
  • Visual Representation

Was this helpful?

  1. Application Security Series
  2. Web Application Security Essentials
  3. WebGoat | Web Application Security Essentials | Cycubix Docs
  4. WebGoat Installation | Web Application Security | Cycubix Docs

Docker

PreviousStand-aloneNextWebGoat & WebWolf Run | Web Application Security | Cycubix Docs

Last updated 11 months ago

Was this helpful?

Method 1 - WebGoat and WebWolf All-in-One Image

The easiest way to start WebGoat as a Docker container is to use the All-in-One WebGoat image which contains both WebGoat and WebWolf as well as an NGINX reverse proxy.

  1. Run the following command to download the All-in-One image from DockerHub, and consequently install and execute both WebGoat and WebWolf.

docker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/webgoat

Method 2 - WebGoat and WebWolf Docker Compose

Another way to deply WebGoat and WebWolf in a more advanced way is to use a compose-file such as the docker-compose.yml from the WebGoat Github repository. This will start both containers and it also takes care of setting up the connection between WebGoat and WebWolf.

  1. Create folder WASE in your laptop / PC and go into that folder.

  2. Run the following command from the folder WASE.

curl https://raw.githubusercontent.com/WebGoat/WebGoat/develop/docker-compose.yml | docker-compose -f - up

Important: the current directory on your host will be mapped into the container for keeping state.

Using the docker-compose file will simplify getting WebGoat and WebWolf up and running.

How Docker and WebGoat Work Together?

  1. Docker Container:

    • When you run docker run -d -p 8080:8080 webgoat/webgoat-8.0, Docker creates a container from the WebGoat image. This container is a lightweight, standalone, and executable package that includes everything needed to run the application, including the code, runtime, libraries, and dependencies.

  2. Port Mapping:

    • The -p 8080:8080 flag in the Docker command maps port 8080 on your host machine (Windows 11) to port 8080 in the Docker container where WebGoat is running.

    • This means that any network traffic sent to port 8080 on your host machine is forwarded to port 8080 inside the container.

  3. Web Server:

    • Inside the Docker container, WebGoat runs a web server that listens for HTTP requests on port 8080.

Accessing WebGoat in a Browser

  1. Open a Web Browser:

    • Launch your preferred web browser (e.g., Chrome, Firefox, Edge).

  2. Enter the URL:

    • Type http://localhost:8080/WebGoat in the address bar and press Enter.

    • localhost refers to your local machine, and 8080 is the port that Docker is forwarding to the WebGoat container.

Communication Flow

  1. Browser Request:

    • When you enter the URL and press Enter, your browser sends an HTTP request to http://localhost:8080/WebGoat.

  2. Docker Port Forwarding:

    • Docker receives the request on port 8080 of your host machine.

    • Docker forwards this request to port 8080 inside the WebGoat container.

  3. WebGoat Server:

    • The WebGoat server running inside the container receives the request.

    • WebGoat processes the request and generates a response (e.g., an HTML page).

  4. Response to Browser:

    • The WebGoat server sends the response back to Docker.

    • Docker forwards the response from port 8080 in the container to port 8080 on your host machine.

    • Your browser receives the response and renders the WebGoat application.

Visual Representation

Here's a visual representation of the communication flow:

file