How to Install OWASP Juice Shop
What is OWASP Juice Shop
OWASP Juice Shop is an open source web application designed to be vulnerable. Cybersecurity professionals and enthusiasts can use it to gain a better understanding of vulnerabilities found in the real world. The OWASP Juice Shop page can be found here.
Why You Should Use It
Web application security is crucial to keeping organizations safe. To keep up with web-based vulnerabilities, OWASP famously hosts the OWASP Top Ten, which lists the ten most critical security risks to web applications. These vulnerabilities can be seen and interacted with by using Juice Shop.
Installation
This guide shows how to install and test Juice Shop using Docker. This walkthrough was performed on the latest version of Ubuntu hosted through VMware Workstation.
To start, Docker needs to be installed if it is not already.
sudo apt install docker.io
Once Docker is installed, the command below can be used to install and start the container. It creates a Docker container named juice_shop (pulled from the bkimminich/juice-shop repository), runs it in detached mode (-d runs it in the terminal background), removes the container when it stops (--rm) and hosts it on port 8002 (-p 8002:3000 maps port 8002 on the host to port 3000 in the container).
sudo docker container run -d --name juice_shop --rm -p 8002:3000 bkimminich/juice-shop
Once the command has completed, the web page should be up. If it is hosted on the local machine, it can be found at the URL below:
http://localhost:8002
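By default, -p 8002:3000 publishes the port on every host interface, so any machine that can reach the VM can reach the deliberately vulnerable app. The shell functions below are an added example, not part of the original walkthrough: they start the same container bound to 127.0.0.1 and classify the output of docker port. The function names are hypothetical and the sample output lines in the comments are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original walkthrough). Function names are
# hypothetical; the image, container name and ports are the article's.

# Same container as the article's command, but the host side of -p is
# pinned to 127.0.0.1 so only the local machine can reach the app.
run_juice_shop_local() {
    sudo docker container run -d --name juice_shop --rm \
        -p 127.0.0.1:8002:3000 bkimminich/juice-shop
}

# Classify `docker port <container>` output read from stdin.
# Constructed sample lines:
#   3000/tcp -> 0.0.0.0:8002      (all IPv4 interfaces)
#   3000/tcp -> [::]:8002         (all IPv6 interfaces)
#   3000/tcp -> 127.0.0.1:8002    (loopback only)
# Prints "exposed", "loopback-only" or "not-published".
# The body runs in a subshell so its variables stay local.
classify_bindings() (
    seen=0
    exposed=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        addr=${line##* -> }   # keep the host address:port part
        addr=${addr%:*}       # drop the trailing :port
        seen=1
        case "$addr" in
            127.*|"[::1]") ;;          # loopback bindings are fine
            *) exposed=1 ;;            # reachable from other hosts
        esac
    done
    if [ "$seen" -eq 0 ]; then
        echo "not-published"
    elif [ "$exposed" -eq 1 ]; then
        echo "exposed"
    else
        echo "loopback-only"
    fi
)

# Check the running container from the article.
check_juice_shop() {
    sudo docker port juice_shop | classify_bindings
}
```

After sourcing the file, check_juice_shop reports how the running container is published; with the article's original command it prints "exposed", and with run_juice_shop_local it prints "loopback-only".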
First Challenge
The first challenge I issue to you is to find the hidden Score Board page. This will keep track of your achievements throughout the journey.
Stopping Docker Container
Once you are done, it is easy to stop the Docker container. Run the following command:
sudo docker stop juice_shop
Because the container was started with --rm, stopping it also removes it. To start it up again, run the initial command again:
sudo docker container run -d --name juice_shop --rm -p 8002:3000 bkimminich/juice-shop
Conclusion
Juice Shop has been successfully installed and now the fun can begin! If you found this writeup helpful you can follow me for more coming in the future. Feel free to reach out to me on social media. Happy hacking!
LinkedIn: https://www.linkedin.com/in/seth-mccoun-353669163
Twitter: https://twitter.com/seth_mccoun