TUTORIAL Juice Shop
Juicing your hacks up
Nate Drake hacks into the Juice Shop to show you just how easy it is to exploit vulnerable web applications.
OUR EXPERT
Nate Drake is a technology journalist specialising in cybersecurity. His latest hacking attempt backfired spectacularly, when he accidentally reprogrammed his smart toaster to burn bread to cinders. The fire rises.
If you’re serious about diving into the cut-and-thrust world of penetration testing, you need a safe way to practise your ethical hacking skills.
The Juice Shop is a creation of OWASP (Open Worldwide Application Security Project) and provides an excellent way to get started. This web application has been deliberately designed to be insecure.
By understanding the Juice Shop app’s various vulnerabilities, budding hackers can gain valuable insight into how to test for them.
One of the first challenges is to find the Juice Shop’s score board. This gamifies the process by marking your progress as you complete each challenge. It also contains helpful hints on getting started.
Setting up shop
First install the necessary dependencies by opening a terminal and running: $ sudo apt install nodejs git npm
Next, use git to clone the Juice Shop repository: $ git clone https://github.com/juice-shop/juice-shop.git --depth 1
Switch to the new directory with: $ cd juice-shop
Because this is the first run, enter: $ npm install
During the install process, you’ll notice a number of warnings about packages being deprecated. Remember, though, that this is the point – Juice Shop is deliberately designed to be vulnerable, so penetration testers can flex their skills.