I am using Windows 7. I think the process is similar on other Windows versions.
Right-click the ZIP file and click "Extract All...", Extract.
A folder named WebGoat-5.4-OWASP_Standard_Win32 appears. Double-click the subfolder named WebGoat-5.4. Double-click the webgoat_8080.bat file. A Command Prompt opens and vanishes instantly, and another Command Prompt window opens titled "Tomcat". The Tomcat window fills with text and stays open, as shown below.
If a "Windows Firewall" box pops up, allow the program to use the network.
This is the Apache Tomcat Web server listening on the localhost, port 8080. Leave that window open.
TroubleshootingIf the window closes immediately, you are probably trying to run WebGoat from inside the Zip archive. You need to extract the files first and run the program from the decompressed folder.
In Firefox, go to
http://localhost:8080/WebGoat/attackA box pops up asking for a name and password. Use guest for both the name and the password.
The main WebGoat page opens. Click the "Start WebGoat" button. The "How to work with WebGoat" page opens, as shown below.
Save this image with a filename of Proj_11_from_Your_Name.
Email the image to firstname.lastname@example.org with a subject of "Project 11 from YOUR NAME".