OWASP Juice Shop – Modern Insecure Web Application

OWASP Juice Shop is a modern and sophisticated insecure web application. It can be used in security training, awareness demos, CTFs and as a guinea pig for security tools. Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications.

OWASP Juice Shop – Insecure Web Application

The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. The hacking progress is tracked on a score board. Finding this score board is actually one of the (easy) challenges.

Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a “guinea pig” application to check how well their tools cope with JavaScript-heavy application frontends and REST APIs.

The main features of this platform are:

  • Free and Open source: Licensed under the MIT license with no hidden costs or caveats
  • Easy-to-install: Choose between Node.js, Docker and Vagrant to run on Windows/Mac/Linux
  • Self-contained: Additional dependencies are pre-packaged or will be resolved and downloaded automatically
  • Self-healing: The simple SQLite and MarsDB databases are wiped and repopulated from scratch on every server startup
  • Gamification: The application notifies you on solved challenges and keeps track of successfully exploited vulnerabilities on a Score Board
  • Re-branding: Fully customizable in business context and look & feel to your own corporate or customer requirements
  • CTF-support: Challenge notifications optionally contain a flag code for your own Capture-The-Flag events

You can read more and download the Juice Shop over here: https://github.com/bkimminich/juice-shop
