A deliberately insecure JavaEE application - Provided by the OWASP Foundation
If you are on OSX, you should create an hosts entry which points to your docker machine. Replace localhost with localdocker then.
192.168.59.103 localdocker #if you are using boot2docker
$ docker run -p 1337:80 szsecurity/webgoat
Docker Pull Command