The OWASP GoatDroid Project pays homage to the OWASP WebGoat Project. It is a fully functional and self-contained environment for learning more about vulnerabilities and security issues for the Android platform.

The initial release is of alpha-level maturity and contains a fully functional functional RESTful web service and an Android application to get started. Future releases will add new applications and services, and will expand upon the current codebase to provide new and increasingly difficult to discover security flaws.

The entire application and framework is Java based. There is no need to install an external web server or container. You do however, need MySQL, the Android SDK, and Eclipse. Each web service runs on embedded Jetty instances and uses the Jersey implementation of JAX-RS.

In the first release, solutions will not be provided. You are encouraged to figure out where the holes are and determine the best way to mitigate them. The next release will include the solutions for version 1.

To get started, download the .zip file and follow the instructions in the Quick Start Guide, found here: http://code.google.com/p/owasp-goatdroid/wiki/QuickStartGuide

Please submit any issues or problems encountered through the issue tracker.