Updated to 5.4

mayhew64@gmail.com · mayhew64@gmail.com · commit 6d4476d46efe · 2012-04-26T17:11:32.000Z
git-svn-id: http://webgoat.googlecode.com/svn/trunk@469 4033779f-a91e-0410-96ef-6bf7bf53c507
diff --git a/webgoat/README.txt b/webgoat/README.txt
@@ -1,12 +1,16 @@
-**********          WebGoat 5.3
-**********          November/10/2000
+**********
+**********          WebGoat 5.4
+**********          April/27/2012
 **********
 **
-**  Source Code:  http://code.google.com/p/webgoat
-**  Download:     http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824
-**  Download:     http://code.google.com/p/webgoat/downloads/list   (Does not have Developer release)
-**  User Guide:   http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents
+**  Home Page:    http://code.google.com/p/webgoat
 **  Home Page:    http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
+**  Source Code:  http://code.google.com/p/webgoat/source/checkout
+**  Download:     http://code.google.com/p/webgoat/downloads/list   
+**  Download:     http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824 (older stuff)
+**  User Guide:   http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents
+**  Wiki:         http://code.google.com/p/webgoat/w/list
+**  FAQ:          http://code.google.com/p/webgoat/wiki/FAQ
 **  Contact Info: webgoat@owasp.org (Direct to Bruce Mayhew)
 **  Mailing List: owasp-webgoat@lists.owasp.org (WebGoat Community - For most questions)
 **
@@ -35,9 +39,9 @@ You can find more information about WebGoat at:
 http://code.google.com/p/webgoat
 
 
---------------
-Prerequisites (Skip to Option 3 for unzip and click to run configruation): 
---------------
+----------------------------------------------------------------------------------------
+Prerequisites for Developers (Skip to Option 3 for unzip and click to run configruation) 
+----------------------------------------------------------------------------------------
 
 These tools must be installed independent of the webgoat download.
 - Java 1.6
@@ -48,16 +52,17 @@ These tools must be installed independent of the webgoat download.
 	In Ubuntu it can be installed with:
 	> apt-get install maven2
 - WebGoat source code
-    WebGoat source code can be downloaded at: http://webgoat.googlecode.com/svn/trunk/
-    Use an svn client (ex: Tortoise svn) to checkout the code.
+    WebGoat source code can be downloaded at: 
+          http://code.google.com/p/webgoat/source/checkout
+    Use an svn client (ex: Tortoise svn) to checkout the code in the trunk.
     
 
 	
---------------------
-Building the project
---------------------
+---------------------------------
+Building the project (Developers)
+---------------------------------
 
-Using the cmd shell:
+Using a command shell/window:
 
 > cd webgoat
 > mvn compile
@@ -69,9 +74,9 @@ delete artifacts from previous build:
 > mvn clean
 
 
-----------------------------------
-Building the Eclipse project files
-----------------------------------
+-----------------------------------------------
+Building the Eclipse project files (Developers)
+-----------------------------------------------
 
 > mvn eclipse:clean
 > mvn eclipse:eclipse
@@ -85,11 +90,11 @@ This folder is located in your username root folder, the same folder where "my d
 You can declare new variables in Eclipse in Windows -> Preferences... and selecting Java -> Build Path -> Classpath Variables
 
 
----------------------------------------------------
-Option 1: Run the project on Tomcat within Eclipse
----------------------------------------------------
+-------------------------------------------------------------------
+Option 1: (Developers) Run the project on Tomcat within Eclipse
+-------------------------------------------------------------------
 
-Install a local Tomcat server
+Install a local Tomcat server (We use Tomcat 7)
 1. Download and unzip Apache Tomcat from http://tomcat.apache.org. 
 2. Adapt the conf/tomcat-users.xml file of your Tomcat server:
 <?xml version="1.0" encoding="UTF-8"?>
@@ -115,21 +120,77 @@ Install a local Tomcat server
 3. Right Click on the webgoat project within eclipse -> Run As -> Run on server 
 
 Point your browser to http://localhost:8080/webgoat/attack
+** Note - When running in eclipse, the default url will be lowercase "webgoat"
 
 
-----------------------------------------------
-Option 2: Run the project on Tomcat with Maven
-----------------------------------------------
+-----------------------------------------------------------
+Option 2: (Developers) Run the project on Tomcat with Maven
+-----------------------------------------------------------
 
 1. mvn tomcat:run-war
-2. http://localhost:8080/webgoat/attack
+2. http://localhost:8080/WebGoat/attack
 
 
---------------------------------------------------------
-Option 3: Run from the WebGoat 5.3 Standard distribution
---------------------------------------------------------
-1. Download the WebGoat-OWASP_Standard-X.X.zip file from http://code.google.com/p/webgoat/downloads/list
+------------------------------------------------------------------
+Option 3: Run from the WebGoat 5.X Standard distribution (Windows)
+------------------------------------------------------------------
+
+1. Download the WebGoat-5.X-OWASP_Standard_Win32.zip file from:
+        - http://code.google.com/p/webgoat/downloads/list
 2. Unzip the file
 3. Double click webgoat.bat
-4. Browse to http://localhost/webgoat/attack
+4. Browse to http://localhost/WebGoat/attack
+
+** Note: if you receive a bind address error use:
 
+3. Double click webgoat8080.bat
+4. Browse to http://localhost:8080/WebGoat/attack
+
+
+------------------------------------------------------------------
+Option 4: Run from the WebGoat 5.X Standard distribution (Ubuntu)
+------------------------------------------------------------------
+
+1. Download the WebGoat-5.X-OWASP_Standard_Ubuntu32.zip file from:
+        - http://code.google.com/p/webgoat/downloads/list
+2. Unzip the file
+3. run sudu ./webgoat.sh start80
+4. Browse to http://localhost/WebGoat/attack
+
+** Note: if you receive a bind address or privilege error:
+
+3. run ./webgoat.sh start8080
+4. Browse to http://localhost:8080/WebGoat/attack
+
+shutdown the server with:
+./webgoat.sh stop
+
+------------------------------------------------------------------
+Option 5: Using the  WebgGoat-5.X.war
+------------------------------------------------------------------
+
+Windows:
+
+1. Download and install Java 1.6 and Tomcat 7 if needed
+2. Download the WebgGoat-5.X.war and README-5.X file from:
+    - http://code.google.com/p/webgoat/downloads/list
+3. Rename WebgGoat-5.X.war to WebgGoat.war
+4. Copy WebGoat.war to <tomcat>/webapps/WebGoat.war
+5. Modify the <tomcat>/conf/tomcat-users.xml to add in WebGoat users and roles
+    - see the FAQ for directions 
+6. Start the tomcat server (default is usually port 8080)
+7. Browse to http://localhost:8080/WebGoat/attack
+
+Ubuntu:
+
+1. Install Java 1.6 and Tomcat 7 if needed
+    - Install java using: sudo apt-get install openjdk-7-jre
+    - Download Tomcat 7 from http://tomcat.apache.org/download-70.cgi (core tar.gz)
+2. Download the WebgGoat-5.X.war and README-5.X file from:
+    - http://code.google.com/p/webgoat/downloads/list
+3. Rename WebgGoat-5.X.war to WebgGoat.war
+4. Copy WebGoat.war to <tomcat>/webapps/WebGoat.war
+5. Modify the <tomcat>/conf/tomcat-users.xml to add in WebGoat users and roles
+    - see the FAQ for directions 
+6. Start the tomcat server (default is usually port 8080)
+7. Browse to http://localhost:8080/WebGoat/attack
