In the latest video of our Security Culture series, we talk about the OWASP Juice Shop. You can also listen in on our podcast.

The OWASP Juice Shop is an amazing resource for both developers and folks working in application security (or those interested in learning application security!). It is easy to run: you can run it on Heroku at the click of a button, build it from source, or run it in a Docker container. Remember that it is a vulnerable application, though!

Once you have it running, you can use the open book "Pwning OWASP Juice Shop" to learn more about the exercises or about setting it up for training.

The platform includes a ton of challenges, from SQL Injection to XSS to Privilege Escalation and Business Logic Abuse. Many of the challenges can be completed with just browser developer tools!


Huge kudos to the Juice Shop team and particularly Bjoern Kimminich for building such an awesome tool and bringing so much energy to the process!


Matt Konda

Matt is a software engineer. He's our CEO and former Chair & OWASP Board Member.
