Install Webgoat 8 - Learn Web Pentesting

WebGoat is a beginner friendly practice target for web penetration testing.
In this article, I'll install WebGoat 8 on Kali and Ubuntu using Java.
The Small Print
Using penetration testing techniques requires many legal and ethical considerations, which are not taught in this article. You're responsible for following the law.
Note that WebGoat is extremely vulnerable, and you must consider the risks of adding such a vulnerable piece of software to your computer.
This article is about the latest WebGoat 8. My earlier article shows how to run older WebGoat 7 in Docker.
Prerequisites
Install Java (and ufw if needed)
$ sudo apt-get update
$ sudo apt-get -y install openjdk-11-jre ufw
Enable firewall.
$ sudo ufw enable
Install and Run WebGoat
Download and run WebGoat 8 Java JAR package
$ wget https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M26/webgoat-server-8.0.0.M26.jar
$ java -jar webgoat-server-8.0.0.M26.jar
Register

Open WebGoat in browser. Notice the path, or you get an empty page.
http://localhost:8080/WebGoat/
Register a new user, using the link below the login fields.
Log in.
Become a Hacker
Well done, you're runnning web goat. You're on the path to becoming a hacker. Only use your new powers for good!

Updated: title, minor improvements in text; fixed '...opendjk...' -> 'sudo apt-get install openjdk-11-jre'