OWASP WebGoat v5.4 Web Hacking Simulation WalkThrough Series
Lesson category titles (e.g., Unvalidated Parameters) may be dynamically changing per WebGoat new version. Please search your desired movies by lesson titles such as Command Injection, Stored XSS, Forced Browsing. We won’t be modifying category titles in our movies in accordance with every new WebGoat version.
Tools and techniques used in our movies are not the only way to get through. There are many other alternatives to achieve the same goal. There are a few movies left intentionally. These are do-it-yourself exercises.
http://webappsecmovies.sourceforge.net/webgoat/
