GitHub - playframework/play-webgoat: A vulnerable Play application for attackers. (original) (raw)

play-webgoat

Twitter Follow Discord GitHub Discussions StackOverflow YouTube Twitch Status OpenCollective

Build Status Repository size Scala Steward badge Mergify Status

A vulnerable Play application for attackers.

This application stays clear of the Twirl template engine for the most part, and shows where unvalidated input from the client can be improperly trusted by the application and included in the response.

Running

sbt run

Then go to http://localhost:9000.

Scala versions

Cross-building to Scala 2.13 and 3 is supported.