OWASP Juice Shop v8.4.1 releases: intentionally insecure webapp for security trainings

OWASP Juice Shop

OWASP Juice Shop is an intentionally insecure web app for security training, written entirely in JavaScript, which encompasses the entire OWASP Top Ten and other severe security flaws.

For a detailed introduction, full list of features and architecture overview please visit the official project page here.

Setup

Deploy on Heroku (free ($0/month) dyno)

  1. Click the button below and follow the instructions

This is the quickest way to get a running instance of Juice Shop! If you have forked this repository, the deploy button will automatically pick up your fork for deployment! As long as you do not perform any DDoS attacks you are free to use any tools or scripts to hack your Juice Shop instance on Heroku!

From Sources

  1. Install node.js
  2. Run git clone https://github.com/bkimminich/juice-shop.git (or clone your own fork of the repository)
  3. Go into the cloned folder with cd juice-shop
  4. Run npm install (only has to be done before the first start or when you change the source code)
  5. Run npm start
  6. Browse to http://localhost:3000

Docker Container

  1. Install Docker
  2. Run docker pull bkimminich/juice-shop
  3. Run docker run -d -p 3000:3000 bkimminich/juice-shop
  4. Browse to http://localhost:3000 (on macOS and Windows browse to http://192.168.99.100:3000 if you are using docker-machine instead of the native docker installation)

Even easier: Run Docker Container from Docker Toolbox (Kitematic)

  1. Install and launch Docker Toolbox
  2. Search for juice-shop and click Create to download image and run container
  3. Click on the Open icon next to Web Preview to browse to OWASP Juice Shop

Changelog v8.4.1

🐛 Bugfixes

  • Fixed non-deterministically failing frontend unit tests on Travis-CI

🛅 Miscellaneous

  • Recycling table is now enforcing column constraints similar to form validation in client
  • Updated some backend software dependencies

Download

Copyright (c) 2014-2018 Bjoern Kimminich
