
Pwning OWASP Juice Shop

    • Preface
      • Introduction
      • Why OWASP Juice Shop exists
      • Architecture overview
    • Part I - Hacking preparations
      • Hacking preparations
      • Running OWASP Juice Shop
      • Vulnerability categories
      • Challenge tracking
      • Hacking exercise rules
      • Walking the "happy path"
    • Part II - Challenge hunting
      • Challenge hunting
      • Finding the Score Board
      • Injection
      • Broken Authentication
      • Sensitive Data Exposure
      • XML External Entities (XXE)
      • Improper Input Validation
      • Broken Access Control
      • Security Misconfiguration
      • Cross Site Scripting (XSS)
      • Insecure Deserialization
      • Vulnerable Components
      • Security through Obscurity
      • Unvalidated Redirects
      • Broken Anti-Automation
      • Cryptographic Issues
      • Observability Failures
      • Miscellaneous
    • Part III - Getting involved
      • Getting involved
      • Provide feedback
      • Donations
      • Contribute to development
      • Codebase 101
      • Help with translation
    • Part IV - Advanced user guides
      • Troubleshooting
      • Customization
      • Hosting a CTF event
      • Hosting platform for multiple users
      • Trainer’s guide
      • Vendor’s guide
      • Integration
      • Monitoring
    • Part V - Advanced developer guides
      • Hacking Instructor tutorial scripts
      • Cheat detection
      • Coding challenges
      • Chatbot training data
    • Appendix
      • Challenge solutions
      • Jingle lyrics
    • Postface
      • About this book
Front Cover

Open Worldwide Application Security Project and OWASP are registered trademarks of the OWASP Foundation, Inc. This work is Copyright © by Bjoern Kimminich and licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.