Modern Web Application Penetration Testing Lab

In this blog, we will see what OWASP Juice Shop is and How to deploy it using Docker.

First, we will see what OWASP Juice Shop is.

Juice Shop is an intentionally vulnerable most modern and sophisticated web application, specially designed for CTFs, Learning, training, and hands-on practice of penetration testing on modern Web applications.

OWASP Juice Shop is vulnerable to all OWASP top 10 vulnerabilities, including other Web Application vulnerabilities

OWASP Juice Shop is built on Node.js, Angular, and Express. It is entirely written in JavaScript.

This web application contains the vast number of challenges of various difficulties. We can easily check the progress of challenges on the scoreboard.

Here are the vulnerability category's distribution

Now we will see how to deploy OWASP Juice shop using Docker.

Step 1: Install Docker

Here are the official links to install Docker.

https://docs.docker.com/engine/install/

Step 2: Once the docker is installed and up and running, open the command line and run the below command to pull the OWASP Juice Shop from Docker Hub

Command: docker pull bkimminich/juice-shop

(Pull the OWASP Juice Shop image from the docker hub)

Step: 4: Run OWASP Juice Shop Container using the docker run command

Command: Docker run -p <HOST PORT>:3000 –name <Container Name> -d bkimminich/juice-shop

run: run the OWASP Juice Shop Container using the bkimminich/juice-shop docker image

-p: map container port to host OS port

–name: Provide the name of the Container

-d: to run the container in the background

Step 5: Once the container is up and running, open the browser to access the OWASP Juice shop.

URL: http://localhost:<HOST PORT>