Day 11: Introduction to OWASP Juice Shop
Master web application security testing with OWASP Juice Shop. Learn to install, navigate, and exploit vulnerabilities in this intentionally insecure web application designed for hands-on security training.
Learning Objectives
- Understand what OWASP Juice Shop is and its purpose in security training
- Install and run OWASP Juice Shop using Docker
- Navigate the Juice Shop interface and understand vulnerable web applications
- Solve beginner-level security challenges including login bypass and info disclosure
- Identify and exploit broken authentication vulnerabilities
- Document findings and understand the security implications of each vulnerability
Understanding OWASP Juice Shop
Core concepts and importance of vulnerable web applications
What is OWASP Juice Shop?
OWASP Juice Shop is an intentionally insecure web application for security training and penetration testing
Purpose
Provides a safe, legal environment to practice web application security testing
Key Features
- Modern web application built with Node.js, Express, and Angular
- Contains over 40 different vulnerabilities from the OWASP Top 10
- Includes a scoring system and achievement tracking
- Comprehensive documentation and hints system
- Suitable for beginners through advanced security professionals
Why Use Vulnerable Applications?
Vulnerable applications provide safe, legal environments for security testing practice
Benefits
- Legal and ethical testing environment
- No risk to real systems or data
- Comprehensive vulnerability coverage
- Immediate feedback and learning
- Structured progression from easy to hard
Popular Applications
- OWASP Juice Shop (modern web app)
- DVWA (classic web app)
- WebGoat (educational focus)
- Metasploitable (system-level vulnerabilities)
Best Practices
- Document all findings
- Understand the vulnerability type
- Learn the fix/mitigation
- Practice responsible disclosure