WebGoat VS GitGoat

Compare WebGoat vs GitGoat and see what are their differences.

WebGoat

WebGoat is a deliberately insecure application (by WebGoat)

GitGoat

GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment. (by arnica-ext)
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
WebGoat GitGoat
40 9
6,431 162
2.9% -0.6%
8.7 0.0
7 days ago 3 months ago
JavaScript Python
GNU General Public License v3.0 or later MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

WebGoat

Posts with mentions or reviews of WebGoat. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-01-02.

GitGoat

Posts with mentions or reviews of GitGoat. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-04-21.

What are some alternatives?

When comparing WebGoat and GitGoat you can also consider the following projects:

juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

DVWA - Damn Vulnerable Web Application (DVWA)

kubernetes-goat - Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Lightning-Network - List of Lightning Network technical issues, bugs, flaws, and exploits.

wrongsecrets - Vulnerable app with examples showing how to not use secrets

PomPom-Language - The cuteness implementation of a dependently typed language.

wrongsecrets - Vulnerable app with examples showing how to not use secrets [Moved to: https://github.com/OWASP/wrongsecrets]

ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

smee.io - ☁️📦 Webhook payload delivery service

hacker101 - Source code for Hacker101.com - a free online web and mobile security class.

git-alerts - Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files

smee-client - 🔴 Receives payloads then sends them to your local server