{"id":2241407,"date":"2025-11-18T07:30:33","date_gmt":"2025-11-18T06:30:33","guid":{"rendered":"https:\/\/jng-web.com\/labo\/?p=2241407"},"modified":"2025-09-28T20:33:24","modified_gmt":"2025-09-28T18:33:24","slug":"webgoat-son-origine-ses-usages-ses-avantages-et-limites","status":"publish","type":"post","link":"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/","title":{"rendered":"WebGoat: its origin, uses, advantages and limitations"},"content":{"rendered":"<h2 data-start=\"166\" data-end=\"192\">What is WebGoat?<\/h2>\n<p data-start=\"194\" data-end=\"459\"><strong data-start=\"194\" data-end=\"205\">WebGoat<\/strong> is a deliberately vulnerable web application, developed and maintained by OWASP (Open Web Application Security Project), designed for interactive learning of web application security.<\/p>\n<p data-start=\"461\" data-end=\"730\">The idea is simple: provide a training environment in which learners can <strong data-start=\"557\" data-end=\"569\">explore<\/strong>, <strong data-start=\"571\" data-end=\"584\">exploit<\/strong>, <strong data-start=\"586\" data-end=\"600\">understand<\/strong>, and then <strong data-start=\"607\" data-end=\"619\">fix<\/strong> typical vulnerabilities without risking harm to real systems.<\/p>\n<hr data-start=\"732\" data-end=\"735\" \/>\n<h2 data-start=\"737\" data-end=\"764\">Origin, purpose and mission<\/h2>\n<ul data-start=\"766\" data-end=\"1479\">\n<li data-start=\"766\" data-end=\"900\">\n<p data-start=\"768\" data-end=\"900\">WebGoat is open source, free, and widely used in cybersecurity training.<\/p>\n<\/li>\n<li data-start=\"901\" data-end=\"1187\">\n<p data-start=\"903\" data-end=\"1187\">Its main goal is educational: to help developers, pentesters and students <em data-start=\"998\" data-end=\"1019\">see from the inside<\/em> what flaws look like, how they are exploited, and which mitigation measures can be put in place.<\/p>\n<\/li>\n<li data-start=\"1188\" data-end=\"1479\">\n<p data-start=\"1190\" data-end=\"1479\">WebGoat includes WebWolf, a companion application that simulates an attacker's actions or external interactions. This separates what happens \u201cinside the victim application\u201d from what is \u201cexternal \/ attack\u201d, within a controlled setting.<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"1481\" data-end=\"1484\" \/>\n<h2 data-start=\"1486\" data-end=\"1527\">Features and teaching content<\/h2>\n<p data-start=\"1529\" data-end=\"1711\">WebGoat offers lessons covering many classic vulnerabilities (including many of the items in the <strong data-start=\"1655\" data-end=\"1671\">OWASP Top 10<\/strong>).<\/p>\n<p data-start=\"1713\" data-end=\"1756\">Some examples of lessons or categories:<\/p>\n<ul data-start=\"1758\" data-end=\"2220\">\n<li data-start=\"1758\" data-end=\"1831\">\n<p data-start=\"1760\" data-end=\"1831\">Injection (SQL, command, etc.)<\/p>\n<\/li>\n<li data-start=\"1832\" data-end=\"1900\">\n<p data-start=\"1834\" data-end=\"1900\">Cross-Site Scripting (XSS)<\/p>\n<\/li>\n<li data-start=\"1901\" data-end=\"1989\">\n<p data-start=\"1903\" data-end=\"1989\">Access control and privileges<\/p>\n<\/li>\n<li data-start=\"1990\" data-end=\"2097\">\n<p data-start=\"1992\" data-end=\"2097\">Security misconfiguration<\/p>\n<\/li>\n<li data-start=\"2098\" data-end=\"2220\">\n<p data-start=\"2100\" data-end=\"2220\">Vulnerable and outdated components<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2222\" data-end=\"2272\">Each lesson often has several parts:<\/p>\n<ol data-start=\"2274\" data-end=\"2542\">\n<li data-start=\"2274\" data-end=\"2325\">\n<p data-start=\"2277\" data-end=\"2325\"><strong data-start=\"2277\" data-end=\"2325\">Plan (presentation of the vulnerability, objectives)<\/strong><\/p>\n<\/li>\n<li data-start=\"2326\" data-end=\"2378\">\n<p data-start=\"2329\" data-end=\"2378\"><strong data-start=\"2329\" data-end=\"2353\">Source \/ exposed code<\/strong> to show the problem<\/p>\n<\/li>\n<li data-start=\"2379\" data-end=\"2435\">\n<p data-start=\"2382\" data-end=\"2435\"><strong data-start=\"2382\" data-end=\"2403\">Hands-on exercise<\/strong> to exploit the vulnerability<\/p>\n<\/li>\n<li data-start=\"2436\" data-end=\"2542\">\n<p data-start=\"2439\" data-end=\"2542\"><strong data-start=\"2439\" data-end=\"2464\">Solution \/ mitigation<\/strong> to fix or reduce the risk<\/p>\n<\/li>\n<\/ol>\n<hr data-start=\"2544\" data-end=\"2547\" \/>\n<h2 data-start=\"2549\" data-end=\"2577\">Installation and running<\/h2>\n<p data-start=\"2579\" data-end=\"2658\">WebGoat aims to be relatively simple to deploy for anyone interested:<\/p>\n<ul data-start=\"2660\" data-end=\"3134\">\n<li data-start=\"2660\" data-end=\"2806\">\n<p data-start=\"2662\" data-end=\"2806\">Docker versions exist: run a WebGoat (and WebWolf) container with the necessary ports.<\/p>\n<\/li>\n<li data-start=\"2807\" data-end=\"2945\">\n<p data-start=\"2809\" data-end=\"2945\">You can also download the Java .jar and run it locally if you have a compatible machine.<\/p>\n<\/li>\n<li data-start=\"2946\" data-end=\"3134\">\n<p data-start=\"2948\" data-end=\"3134\">Caution: for security reasons, WebGoat should ideally be run on <em data-start=\"3030\" data-end=\"3041\">localhost<\/em>, in an isolated network, and not exposed to the Internet.<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"3136\" data-end=\"3139\" \/>\n<h2 data-start=\"3141\" data-end=\"3153\">Advantages<\/h2>\n<p data-start=\"3155\" data-end=\"3211\">Here is what WebGoat brings that is particularly useful:<\/p>\n<ul data-start=\"3213\" data-end=\"3878\">\n<li data-start=\"3213\" data-end=\"3363\">\n<p data-start=\"3215\" data-end=\"3363\"><strong data-start=\"3215\" data-end=\"3248\">Learning by doing<\/strong>: see the flaw, exploit it, understand the vector, and fix it. This is far more effective than pure theory.<\/p>\n<\/li>\n<li data-start=\"3364\" data-end=\"3507\">\n<p data-start=\"3366\" data-end=\"3507\"><strong data-start=\"3366\" data-end=\"3398\">Variety of vulnerabilities<\/strong>: it covers many real-world cases, from the simplest to somewhat more complex ones, which allows progression.<\/p>\n<\/li>\n<li data-start=\"3508\" data-end=\"3671\">\n<p data-start=\"3510\" data-end=\"3671\"><strong data-start=\"3510\" data-end=\"3528\">Safe setting<\/strong>: since everything is deliberately vulnerable, you can \u201cmake mistakes\u201d without serious consequences, which removes the fear of breaking something.<\/p>\n<\/li>\n<li data-start=\"3672\" data-end=\"3878\">\n<p data-start=\"3674\" data-end=\"3878\"><strong data-start=\"3674\" data-end=\"3726\">Reusable for training and tool testing<\/strong>: for example, using WebGoat to test a vulnerability scanner's ability to detect the flaws.<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"3880\" data-end=\"3883\" \/>\n<h2 data-start=\"3885\" data-end=\"3917\">Limitations and points to watch<\/h2>\n<p data-start=\"3919\" data-end=\"4016\">Despite its many strengths, WebGoat is not perfect, and there are things to take into account:<\/p>\n<ul data-start=\"4018\" data-end=\"5133\">\n<li data-start=\"4018\" data-end=\"4279\">\n<p data-start=\"4020\" data-end=\"4279\"><strong data-start=\"4020\" data-end=\"4045\">Narrow technology focus<\/strong>: mainly Java \/ Spring Boot plus classic web technologies. If you use modern stacks (React \/ Vue \/ SPA, microservices, GraphQL, serverless, etc.), some lessons may be less directly applicable.<\/p>\n<\/li>\n<li data-start=\"4280\" data-end=\"4459\">\n<p data-start=\"4282\" data-end=\"4459\"><strong data-start=\"4282\" data-end=\"4314\">Updates \/ compatibility<\/strong>: you must make sure that the versions of Java, the dependencies and the system are compatible. Otherwise, runtime problems can occur.<\/p>\n<\/li>\n<li data-start=\"4460\" data-end=\"4753\">\n<p data-start=\"4462\" data-end=\"4753\"><strong data-start=\"4462\" data-end=\"4495\">Complexity for beginners<\/strong>: although the tool is educational, some lessons require a good understanding of HTTP principles, of security concepts, and sometimes of how to handle tools such as proxies (Burp, ZAP). For a complete beginner, this can be intimidating.<\/p>\n<\/li>\n<li data-start=\"4754\" data-end=\"4948\">\n<p data-start=\"4756\" data-end=\"4948\"><strong data-start=\"4756\" data-end=\"4783\">Risk if misconfigured<\/strong>: if you expose WebGoat on an unsecured network, or do not follow the guidance (isolation, localhost, containers), you can introduce unnecessary risks.<\/p>\n<\/li>\n<li data-start=\"4949\" data-end=\"5133\">\n<p data-start=\"4951\" data-end=\"5133\"><strong data-start=\"4951\" data-end=\"4984\">Coverage of modern cases<\/strong>: very recent cases (OAuth authentication, JWT, complex REST APIs, cloud infrastructure) are not all represented, or not necessarily up to date.<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"5135\" data-end=\"5138\" \/>\n<h2 data-start=\"5140\" data-end=\"5188\">Good practices for using it effectively<\/h2>\n<p data-start=\"5190\" data-end=\"5249\">To get the most out of WebGoat, here are a few tips:<\/p>\n<ol data-start=\"5251\" data-end=\"6396\">\n<li data-start=\"5251\" data-end=\"5516\">\n<p data-start=\"5254\" data-end=\"5279\"><strong data-start=\"5254\" data-end=\"5277\">Prepare the ground<\/strong><\/p>\n<ul data-start=\"5283\" data-end=\"5516\">\n<li data-start=\"5283\" data-end=\"5383\">\n<p data-start=\"5285\" data-end=\"5383\">Make sure you understand the basics: HTTP, how sessions work, cookies, headers, etc.<\/p>\n<\/li>\n<li data-start=\"5387\" data-end=\"5516\">\n<p data-start=\"5389\" data-end=\"5516\">Have tools installed such as a proxy (for example OWASP ZAP, Burp Suite), a development browser with a console, etc.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"5518\" data-end=\"5682\">\n<p data-start=\"5521\" data-end=\"5549\"><strong data-start=\"5521\" data-end=\"5547\">Isolate the environment<\/strong><\/p>\n<ul data-start=\"5553\" data-end=\"5682\">\n<li data-start=\"5553\" data-end=\"5597\">\n<p data-start=\"5555\" data-end=\"5597\">Use Docker or a virtual machine<\/p>\n<\/li>\n<li data-start=\"5601\" data-end=\"5682\">\n<p data-start=\"5603\" data-end=\"5682\">Do not expose WebGoat to the Internet, or restrict it to localhost or a closed network<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"5684\" data-end=\"5894\">\n<p data-start=\"5687\" data-end=\"5723\"><strong data-start=\"5687\" data-end=\"5721\">Work in a structured way<\/strong><\/p>\n<ul data-start=\"5727\" data-end=\"5894\">\n<li data-start=\"5727\" data-end=\"5792\">\n<p data-start=\"5729\" data-end=\"5792\">Start with the \u201csimple\u201d lessons, then increase the difficulty<\/p>\n<\/li>\n<li data-start=\"5796\" data-end=\"5894\">\n<p data-start=\"5798\" data-end=\"5894\">For each vulnerability: first understand the cause, then the exploitation, then the mitigation<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"5896\" data-end=\"6064\">\n<p data-start=\"5899\" data-end=\"5928\"><strong data-start=\"5899\" data-end=\"5926\">Analyze the source code<\/strong><\/p>\n<ul data-start=\"5932\" data-end=\"6064\">\n<li data-start=\"5932\" data-end=\"6064\">\n<p data-start=\"5934\" data-end=\"6064\">WebGoat often gives access to the vulnerable code. Comparing this vulnerable code with the fixed version helps to properly grasp the flaws.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"6066\" data-end=\"6396\">\n<p data-start=\"6069\" data-end=\"6098\"><strong data-start=\"6069\" data-end=\"6096\">Extend your skills<\/strong><\/p>\n<ul data-start=\"6102\" data-end=\"6396\">\n<li data-start=\"6102\" data-end=\"6283\">\n<p data-start=\"6104\" data-end=\"6283\">After practicing with WebGoat, try to reproduce the exercises with other vulnerable applications (Juice Shop, DVWA, etc.), real test applications, or CTF challenges<\/p>\n<\/li>\n<li data-start=\"6287\" data-end=\"6396\">\n<p data-start=\"6289\" data-end=\"6396\">Stay up to date: web security evolves, new vulnerabilities appear, and new paradigms too.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<hr data-start=\"6398\" data-end=\"6401\" \/>\n<h2 data-start=\"6403\" data-end=\"6416\">Conclusion<\/h2>\n<p data-start=\"6418\" data-end=\"6851\">WebGoat is an <strong data-start=\"6433\" data-end=\"6460\">extremely useful tool<\/strong> for anyone who wants to learn web application security in a practical way and without major risks. It is an excellent bridge between theory and practice. Thanks to its many lessons, its community (via OWASP), and its resources, it helps consolidate understanding of common vulnerabilities and develop a security mindset that is useful in software development.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is WebGoat? WebGoat is a deliberately vulnerable web application, developed and maintained by OWASP (Open Web Application Security Project), designed to &hellip; <\/p>\n","protected":false},"author":2,"featured_media":2241440,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[27],"tags":[128,353],"class_list":["post-2241407","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-logiciels","tag-securite","tag-web"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.9.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WebGoat \u2014 son origine, ses usages, ses avantages et limites - Labo JNG WEB<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WebGoat \u2014 son origine, ses usages, ses avantages et limites - Labo JNG WEB\" \/>\n<meta property=\"og:description\" content=\"Qu\u2019est-ce que WebGoat ? 
WebGoat est une application web volontairement vuln\u00e9rable \u2014 d\u00e9velopp\u00e9e et maintenue par l\u2019OWASP (Open Web Application Security Project) \u2014 con\u00e7ue pour &hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/\" \/>\n<meta property=\"og:site_name\" content=\"Labo JNG WEB\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/webmaster.referencement.dijon\" \/>\n<meta property=\"article:author\" content=\"https:\/\/fr-fr.facebook.com\/JNGWEB.webmaster\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-18T06:30:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-28T18:33:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jng-web.com\/labo\/wp-content\/uploads\/2025\/09\/web-Goat.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1351\" \/>\n\t<meta property=\"og:image:height\" content=\"828\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"J\u00e9r\u00f4me\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"J\u00e9r\u00f4me\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/\"},\"author\":{\"name\":\"J\u00e9r\u00f4me\",\"@id\":\"https:\/\/jng-web.com\/labo\/#\/schema\/person\/8dceaae857bc9738baa63b3d19fb4590\"},\"headline\":\"WebGoat \u2014 son origine, ses usages, ses avantages et 
limites\",\"datePublished\":\"2025-11-18T06:30:33+00:00\",\"dateModified\":\"2025-09-28T18:33:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/\"},\"wordCount\":945,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/jng-web.com\/labo\/#organization\"},\"keywords\":[\"S\u00e9curit\u00e9\",\"web\"],\"articleSection\":[\"Logiciels\"],\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/\",\"url\":\"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/\",\"name\":\"WebGoat \u2014 son origine, ses usages, ses avantages et limites - Labo JNG WEB\",\"isPartOf\":{\"@id\":\"https:\/\/jng-web.com\/labo\/#website\"},\"datePublished\":\"2025-11-18T06:30:33+00:00\",\"dateModified\":\"2025-09-28T18:33:24+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jng-web.com\/labo\/webgoat-son-origine-ses-usages-ses-avantages-et-limites\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Labo Jng Web\",\"item\":\"https:\/\/jng-web.com\/labo\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Logiciels\",\"item\":\"https:\/\/jng-web.com\/labo\/logiciels\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"WebGoat \u2014 son origine, ses usages, ses avantages et 
limites\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jng-web.com\/labo\/#website\",\"url\":\"https:\/\/jng-web.com\/labo\/\",\"name\":\"Labo JNG WEB\",\"description\":\"R\u00e9f\u00e9rencement, Webmastering, CMS, Logiciels ...\",\"publisher\":{\"@id\":\"https:\/\/jng-web.com\/labo\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jng-web.com\/labo\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jng-web.com\/labo\/#organization\",\"name\":\"JNG WEB \/\/ J\u00e9r\u00f4me Guri\",\"url\":\"https:\/\/jng-web.com\/labo\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/jng-web.com\/labo\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jng-web.com\/labo\/wp-content\/uploads\/2015\/04\/logo.png\",\"contentUrl\":\"https:\/\/jng-web.com\/labo\/wp-content\/uploads\/2015\/04\/logo.png\",\"width\":342,\"height\":110,\"caption\":\"JNG WEB \/\/ J\u00e9r\u00f4me 
Guri\"},\"image\":{\"@id\":\"https:\/\/jng-web.com\/labo\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/webmaster.referencement.dijon\",\"https:\/\/twitter.com\/jng_web\",\"https:\/\/fr.linkedin.com\/in\/jeromeguri\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/jng-web.com\/labo\/#\/schema\/person\/8dceaae857bc9738baa63b3d19fb4590\",\"name\":\"J\u00e9r\u00f4me\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/jng-web.com\/labo\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/21ca560712e7f1303d8c7c22d9ac9254b56517b653bfcb97d6736933471b2ea3?s=96&d=http%3A%2F%2Fwww.jng-web.com%2Flabo%2Fwp-content%2Fuploads%2F2013%2F12%2Favatar-blog-jng-web.png&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/21ca560712e7f1303d8c7c22d9ac9254b56517b653bfcb97d6736933471b2ea3?s=96&d=http%3A%2F%2Fwww.jng-web.com%2Flabo%2Fwp-content%2Fuploads%2F2013%2F12%2Favatar-blog-jng-web.png&r=g\",\"caption\":\"J\u00e9r\u00f4me\"},\"description\":\"Passionn\u00e9 par le web, je m'int\u00e9resse depuis quelques ann\u00e9es aux technologies de l'information et de la communication, et plus particuli\u00e8rement \u00e0 la cr\u00e9ation et au r\u00e9f\u00e9rencement de sites internet.\",\"sameAs\":[\"http:\/\/www.jng-web.com\",\"https:\/\/fr-fr.facebook.com\/JNGWEB.webmaster\",\"https:\/\/twitter.com\/JngWeb21\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","views":413,"_links":{"self":[{"href":"https:\/\/jng-web.com\/labo\/wp-json\/wp\/v2\/posts\/2241407","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jng-web.com\/labo\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jng-web.com\/labo\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jng-web.com\/labo\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jng-web.com\/labo\/wp-json\/wp\/v2\/comments?post=2241407"}],"version-history":[{"count":1,"href":"https:\/\/jng-web.com\/labo\/wp-json\/wp\/v2\/posts\/2241407\/revisions"}],"predecessor-version":[{"id":2538260,"href":"https:\/\/jng-web.com\/labo\/wp-json\/wp\/v2\/posts\/2241407\/revisions\/2538260"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jng-web.com\/labo\/wp-json\/wp\/v2\/media\/2241440"}],"wp:attachment":[{"href":"https:\/\/jng-web.com\/labo\/wp-json\/wp\/v2\/media?parent=2241407"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jng-web.com\/labo\/wp-json\/wp\/v2\/categories?post=2241407"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jng-web.com\/labo\/wp-json\/wp\/v2\/tags?post=2241407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}