Deploying Then Securing the OWASP Juice Shop, Part Six of ?

Penetration Testing: Amateur Hour In this post, I am essentially going to fire up the OWASP Juice Shop (OJS) locally, navigate to the scoreboard to see the intended challenges, and then have a go at solving as many as I think I have a hope in heck of achieving. Given that I am not a penetration tester (in fact, I think I’d probably be rubbish as a professional pentester if I attempted it), I don’t expect to solve all that many of the challenges, at least not without getting some significant hints from elsewhere....

January 6, 2024 · 30 min · 6297 words · James Cooper

Deploying Then Securing the OWASP Juice Shop, Part Two of ?

Deploying the Juice Shop to AWS, the manual way This post covers various attempts to deploy the OWASP Juice Shop (OJS) application on AWS. Multiple approaches are trialled, with the comment element between them being that these are all fairly manual ‘point-and-click’ style methods. Good for getting oneself up and running the first time, while getting to grips with AWS. Not so good for reliable, reproducible deployments, however. For the purposes of the remainder of this series of blog posts, I will be using OJS v15....

August 10, 2023 · 42 min · 8809 words · James Cooper

Deploying Then Securing the OWASP Juice Shop, Part One-Point-Five of ?

Difficulties getting started with AWS Summary A short overview of some of the many issues I encountered when trying to get myself up and running with AWS. AWS Doesn’t Like Itself? After creating an AWS root user account, I followed their introductory instructions to create a new AWS organisation and an Administrator user inside said organisation, in accordance with best practices (i.e. don’t use your root user account for anything but administration of the overall organisation)....

July 24, 2023 · 9 min · 1748 words · James Cooper

Deploying Then Securing the OWASP Juice Shop, Part One of ?

Deploying, and then Securing, the OWASP Juice Shop Application Summary I shall deploy the deliberately-vulnerable OWASP Juice Shop application to ’the cloud’, and then use various techniques and tools to (attempt to) secure it. Introduction OWASP Juice Shop is one of OWASP’s flagship projects, and is a deliberately-vulnerable web application. It is used to demonstrate various vulnerabilities that can exist in real applications (including the whole of the OWASP Top 10), for the benefit of all three of builders, breakers and defenders....

July 11, 2023 · 6 min · 1124 words · James Cooper