Having followed the testing techniques within WebGoat, a tester should be able to:

• Understand the high-level interaction processes within a web-application
• Determine information in client visible data that can be useful in an attack
• Identify and understand data and user interactions which may expose the application to attack
• Perform tests against those interactions to expose flaws in their operation
• Execute attacks against the application to demonstrate and exploit vulnerabilities