312-50V11 · Question #544
Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?
The correct answer is B. WebGoat. WebGoat is the official OWASP project that provides a deliberately insecure Java-based web application used to practice exploiting common web vulnerabilities in a safe, legal environment.
Question
Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?
Options
- AWebBugs
- BWebGoat
- CVULN_HTML
- DWebScarab
How the community answered
(46 responses)- A2% (1)
- B89% (41)
- C2% (1)
- D7% (3)
Why each option
WebGoat is the official OWASP project that provides a deliberately insecure Java-based web application used to practice exploiting common web vulnerabilities in a safe, legal environment.
WebBugs is not an OWASP project; the term refers to tracking pixels (1x1 images) used for web analytics and surveillance, not a vulnerability training application.
WebGoat is an OWASP-maintained, intentionally vulnerable web application that teaches developers and testers how to exploit weaknesses such as SQL injection, XSS, and broken authentication through interactive lessons. It is designed to run locally so that users can attack real application code without legal or ethical risk. It directly maps its lessons to the OWASP Top 10 and other vulnerability categories, making it the canonical OWASP learning platform for web security.
VULN_HTML is not a real OWASP project or recognized security tool - this is a fabricated distractor.
WebScarab was an OWASP web application proxy and intercepting tool used for testing, not a vulnerable target application designed for practice attacks.
Concept tested: OWASP WebGoat intentionally vulnerable application
Source: https://owasp.org/www-project-webgoat/
Topics
Community Discussion
No community discussion yet for this question.