Juice Shop Overview
Juice Shop represents a real-life e-commerce site and contains 75 challenges. Each challenge represents a real-life vulnerability that could be present in a web application. The goal is to complete the 75 challenges; once a challenge is complete, a push notification is sent to the score board.
How do you run Juice-Shop?
I followed the instructions for Vagrant.
After losing my progress, I decided to just deploy the application to Heroku, which seems to work pretty well.

Tools?
Browser, Postman, OWASP Zed Attack Proxy (ZAP), Kali VM
A good browser, so anything besides Internet Explorer :). I will be using Chrome.
Watch the JavaScript console; data might be leaked.
Burp Suite — https://medium.com/@tommarler/web-application-security-burp-suite-2adfbba80754
Browser Plugins
TamperData — monitor and modify HTTP requests, help bypass input validation or access restriction mechanisms that are not properly…