Deploying Then Securing the OWASP Juice Shop, Part Six of ?

Penetration Testing: Amateur Hour

In this post, I am essentially going to fire up the OWASP Juice Shop (OJS) locally, navigate to the scoreboard to see the intended challenges, and then have a go at solving as many as I think I have a hope in heck of achieving. Given that I am not a penetration tester (in fact, I think I’d probably be rubbish as a professional pentester if I attempted it), I don’t expect to solve all that many of the challenges, at least not without getting some significant hints from elsewhere....

January 6, 2024 · 30 min · 6297 words · James Cooper

Deploying Then Securing the OWASP Juice Shop, Part Two of ?

Deploying the Juice Shop to AWS, the manual way

This post covers various attempts to deploy the OWASP Juice Shop (OJS) application on AWS. Multiple approaches are trialled, with the common element between them being that these are all fairly manual ‘point-and-click’ style methods. Good for getting oneself up and running the first time, while getting to grips with AWS. Not so good for reliable, reproducible deployments, however. For the purposes of the remainder of this series of blog posts, I will be using OJS v15....

August 10, 2023 · 42 min · 8809 words · James Cooper

Deploying Then Securing the OWASP Juice Shop, Part One of ?

Deploying, and then Securing, the OWASP Juice Shop Application

Summary

I shall deploy the deliberately-vulnerable OWASP Juice Shop application to ‘the cloud’, and then use various techniques and tools to (attempt to) secure it.

Introduction

OWASP Juice Shop is one of OWASP’s flagship projects, and is a deliberately-vulnerable web application. It is used to demonstrate various vulnerabilities that can exist in real applications (including the whole of the OWASP Top 10), for the benefit of all three of builders, breakers and defenders....

July 11, 2023 · 6 min · 1124 words · James Cooper