nerdexam
EC-Council

312-50V11 · Question #544

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

The correct answer is B. WebGoat. WebGoat is the official OWASP project that provides a deliberately insecure Java-based web application used to practice exploiting common web vulnerabilities in a safe, legal environment.

Hacking Web Applications

Question

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

Options

  • AWebBugs
  • BWebGoat
  • CVULN_HTML
  • DWebScarab

How the community answered

(46 responses)
  • A
    2% (1)
  • B
    89% (41)
  • C
    2% (1)
  • D
    7% (3)

Why each option

WebGoat is the official OWASP project that provides a deliberately insecure Java-based web application used to practice exploiting common web vulnerabilities in a safe, legal environment.

AWebBugs

WebBugs is not an OWASP project; the term refers to tracking pixels (1x1 images) used for web analytics and surveillance, not a vulnerability training application.

BWebGoatCorrect

WebGoat is an OWASP-maintained, intentionally vulnerable web application that teaches developers and testers how to exploit weaknesses such as SQL injection, XSS, and broken authentication through interactive lessons. It is designed to run locally so that users can attack real application code without legal or ethical risk. It directly maps its lessons to the OWASP Top 10 and other vulnerability categories, making it the canonical OWASP learning platform for web security.

CVULN_HTML

VULN_HTML is not a real OWASP project or recognized security tool - this is a fabricated distractor.

DWebScarab

WebScarab was an OWASP web application proxy and intercepting tool used for testing, not a vulnerable target application designed for practice attacks.

Concept tested: OWASP WebGoat intentionally vulnerable application

Source: https://owasp.org/www-project-webgoat/

Topics

#WebGoat#OWASP#vulnerable web application#security training

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice