This repository contains the code for the presentation "Penetration Testing in the Age of AI" at Lumicon 2024. The presentation will cover the following topics:
- Writing the code needed to brute-force the WebGoat login page.
This code is for educational purposes only. Do not use it for malicious purposes.
WebGoat is a deliberately insecure web application, maintained by OWASP and designed to teach web application security lessons. You can install and practice with either the J2EE version or WebGoat for .NET. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.
```bash
# create a virtual environment
python -m venv .venv
# activate the virtual environment
source .venv/bin/activate
# install the dependencies
.venv/bin/pip install -r requirements.txt
# run the application
.venv/bin/python brute_force.py
# to deactivate the virtual environment
deactivate
```