
I am just starting with WebGoat. On their GitHub page [https://github.com/WebGoat/WebGoat], they have this warning posted:

WARNING 1: While running this program your machine will be 
extremely vulnerable to attack. You should to disconnect
from the Internet while using this program. [sic]

What does this mean? My naive understanding is that this runs on localhost, so where does the vulnerability lie?

P.S.: It would be better if you could explain this for someone just trying to get past the surface; either way, I am looking forward to learning, so please enlighten me. Any advice for someone starting off is also most welcome. Thank you all!

devautor

1 Answer

WebGoat is an application that is designed to be susceptible to network attacks. Theoretically, your computer becomes vulnerable to a network attack when you're running WebGoat. Imagine if an attacker were to leverage the WebGoat vulnerability for the lesson about performing code injections. This would allow the attacker to execute commands on your computer. Very bad.

An attacker will need network access to your computer to execute the attack. You likely have a firewall on your network that will limit attackers to your local network. That said, you are still reducing the safety of your computer by running WebGoat, especially as firewalls are sometimes misconfigured or have vulnerabilities that can cause them to let packets from the internet into the local network.

WebGoat's recommendation is to disconnect your computer from the internet, which will remove the risk of a network attack. That means unplugging your network cable and/or disconnecting your WiFi connection. It seems like a reasonable protection to me.

Neil Smithline
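The answer's point is that the risk hinges on who can reach the listening socket: a service bound only to loopback is reachable from the machine itself, while one bound to a LAN address or to all interfaces is reachable from whatever the firewall lets through. The following is an added example (not part of the question, the answer, or the WebGoat project) that parses lines in the column layout of Linux `ss -ltn` output and flags every listener that is not loopback-only. The sample lines, ports and addresses are constructed for the demonstration; nothing here is WebGoat's actual configuration.

```python
"""Classify TCP listeners by how far beyond localhost they are reachable.

Added example, not from the original Q&A or the WebGoat project. It parses
constructed text in the layout of `ss -ltn` (State Recv-Q Send-Q Local:Port
Peer:Port) and reports which listening sockets are bound beyond loopback.
"""
import ipaddress
import re
import sys
from typing import List, Tuple

# Constructed sample in the column layout of `ss -ltn`; ports are made up.
SAMPLE_LISTENERS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:8080       0.0.0.0:*
LISTEN  0       128     0.0.0.0:9090         0.0.0.0:*
LISTEN  0       128     [::1]:8080           [::]:*
LISTEN  0       128     [::]:9090            [::]:*
LISTEN  0       128     *:3000               *:*
LISTEN  0       128     192.168.1.20:5000    0.0.0.0:*
"""

LOOPBACK = "loopback-only"        # reachable only from this machine
ALL = "all-interfaces"            # reachable from any network the host is on
SPECIFIC = "specific-interface"   # reachable from the network of that address


def split_local(field: str) -> Tuple[str, int]:
    """Split 'addr:port', handling bracketed IPv6 ('[::1]:80') and the bare '*' wildcard."""
    m = re.fullmatch(r"\[(.*)\]:(\d+)", field)
    if m:
        return m.group(1), int(m.group(2))
    host, _, port = field.rpartition(":")
    return host, int(port)


def classify(host: str) -> str:
    """Map a bind address to one of the three reachability scopes."""
    if host == "*":
        return ALL
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return LOOPBACK
    if addr.is_unspecified:  # 0.0.0.0 or :: means every interface
        return ALL
    return SPECIFIC


def exposed_listeners(text: str) -> List[Tuple[str, int, str]]:
    """Return (host, port, scope) for every LISTEN line whose scope is not loopback-only."""
    findings = []
    for line in text.splitlines():
        cols = line.split()
        if not cols or cols[0] != "LISTEN":
            continue  # skip the header and any non-listening rows
        host, port = split_local(cols[3])
        scope = classify(host)
        if scope != LOOPBACK:
            findings.append((host, port, scope))
    return findings


if __name__ == "__main__":
    # Use real `ss -ltn` output when piped in, otherwise the constructed sample.
    text = SAMPLE_LISTENERS if sys.stdin.isatty() else sys.stdin.read()
    for host, port, scope in exposed_listeners(text):
        print(f"port {port} bound to {host}: {scope}")
```

On a Linux host you can feed it live data with `ss -ltn | python3 check_listeners.py`; any line it prints is a service that a machine on your local network could reach, which is exactly the exposure the answer describes and why pulling the network cable removes it. The loopback check covers both 127.0.0.1 and ::1, and the unspecified check covers both 0.0.0.0 and ::, since a service listening on the IPv6 wildcard is just as exposed as one on the IPv4 wildcard.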