OWASP Juice Shop

Juice-Shop is an OWASP sponsored  intentionally insecure web application written entirely in JavaScript by @bkimminich.  The web application encompasses the entire range of the OWASP Top Ten and other severe security flaws.  

Juice Shop is written in Node.js, Express, and AngularJS.  This application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities.  The first challenge, and the way to help track progress is by finding the scoreboard which is hidden to begin with (Supposed to be an easy challenge).  

The best part, which if you have read any of my other posts, is that the Juice Shop can be run fully in a Docker container.    The screenshot below is to help demonstrate all the moving pieces with Juice Shop.  

Want to run Juice Shop in Docker?  Here is a handy link to make that happen.  

I will edit this post to include more information as I take screenshots.

Need to build out Juice Shop and some other Vulnerable web applications real quick?  Check out my script that will build a fresh Kali image into a web pentester's dream.  Training Setup