How to install OWASP Juice Shop in Heroku and Docker under 3 minutes!

thehackerish
Welcome back to the OWASP Top 10 training series. Today, we are going to install OWASP Juice Shop using both Heroku and Docker. This is the last step in our OWASP Top 10 lab setup. I’ve chosen to add it to this lab so that we can experiment with attacking Node.js back-end targets with an AngularJS front end.



======================================
Blog post: https://thehackerish.com/how-to-insta...

Follow us on Twitter: thehackerish
Facebook Page: thehackerish

======================================



After this tutorial, we will start practicing the exploitation of the OWASP Top 10 vulnerabilities. If you haven’t been following along from the beginning, it’s not too late. All you have to do is watch the OWASP Top 10 training playlist.


Why OWASP Juice Shop for this OWASP Top 10 training?
======================================


OWASP Juice Shop is a deliberately vulnerable modern web application built on a current single-page web application stack. It has a front end based on AngularJS and a back end in Node.js, uses both SQLite and NoSQL MongoDB databases, and exposes a REST API.
Juice Shop is a very well-maintained project. Therefore, it is a great target to hone your skills, whether you are a beginner or an experienced pentester.

A public instance is already available at https://juice-shop.herokuapp.com. However, I don’t recommend you directly test against it. In fact, you will often find some challenges already solved. Besides, it is a shared instance with others who might be malicious. Finally, it is especially not intended for brute forcing or automated testing. So be responsible and use it just to get a feel of Juice Shop features.


What is Heroku?
======================================

Heroku is a cloud platform as a service (PaaS) supporting several programming languages. This means that you can deploy your code directly on the cloud and have a link to your web application. This is very convenient because it lets you deploy Juice Shop without any local setup.


Docker advantages
======================================


If you’d like to reduce network latency, or even not depend on the internet, working locally would be the way to go. We are going to use Docker to avoid installing all the dependencies. If you don’t have Docker installed yet, you can install it using the instructions on how to install Docker in the OWASP WebGoat tutorial.
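
The local Docker setup described above, as an added example that is not taken from the video or the blog post: it starts Juice Shop published on a loopback address only, so the deliberately vulnerable app is not reachable from other machines. The image name `bkimminich/juice-shop` and port 3000 are the ones the Juice Shop project publishes; the script name and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): run Juice Shop locally,
# published on a loopback address only.
IMAGE="bkimminich/juice-shop"   # Docker Hub image of the Juice Shop project
PORT=3000                       # port the app listens on inside the container

# Succeed only for a dotted IPv4 address in 127.0.0.0/8.
# Octet ranges are not checked here; docker rejects values above 255.
is_loopback_v4() {
  case "$1" in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;  # digits and single dots only
    127.*.*.*.*)          return 1 ;;  # too many octets
    127.*.*.*)            return 0 ;;
    *)                    return 1 ;;
  esac
}

# Print the "docker run" arguments for a bind address (default 127.0.0.1).
# Fails instead of publishing the vulnerable app on a routable interface.
juice_shop_args() {
  bind="${1:-127.0.0.1}"
  if ! is_loopback_v4 "$bind"; then
    echo "refusing to publish Juice Shop on non-loopback address: $bind" >&2
    return 1
  fi
  echo "run --rm -d --name juice-shop --security-opt no-new-privileges -p $bind:$PORT:$PORT $IMAGE"
}

# Pull the image and start the container on the validated address.
start_juice_shop() {
  bind="${1:-127.0.0.1}"
  args="$(juice_shop_args "$bind")" || return 1
  docker pull "$IMAGE" || return 1
  # Word splitting is intended; the bind address was validated above.
  docker $args && echo "Juice Shop is at http://$bind:$PORT"
}

# Usage (hypothetical file name): sh juice-shop-local.sh start [bind-address]
if [ "${1:-}" = "start" ]; then
  start_juice_shop "${2:-}"
fi
```

Stop the lab with `docker stop juice-shop`; because of `--rm`, the container and any solved-challenge state are discarded.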
Published 5 years ago, on 1398/10/30.
Viewed 4,292 times.