Finding your first bug in Spring Boot

Setting up Fuzzing for Spring Boot Applications is even easier than fuzzing C++ or Plain Java Code. First you have to start the CI-Daemon. Open a new terminal and start it with $ ci-daemon. In this tutorial we are going to use WebGoat. WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. It is a demonstration of common server-side application flaws.

Download it via git:

$ git clone