Webgoat is a penetration testing environment maintained by OWASP. Its purpose is to learn exploiting and defending web application vulnerabilities.

It is straightforward to install webgoat 8.0 via docker on Ubuntu 18.04.

First install some prepared packages:

sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

Then add docker’s key1:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository “deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable”

Update and install:

sudo apt-get update
sudo apt-get install docker-ce

Run docker without super user:

sudo groupadd docker
sudo usermod -aG docker $USER

Use docker to install Webgoat 8.02:

docker pull webgoat/webgoat-8.0

That’s it. To run webgoat 8.0:

docker run -p 8080:8080 -t webgoat/webgoat-8.0

shown as figures below:

Fig.1 webgoat 8.0 login
Fig.1 webgoat 8.0 login
Fig.2 webgoat 8.0 intro
Fig.2 webgoat 8.0 intro

After registering a new user, webgoat starts.