Pwning OWASP Juice Shop
Written by Björn Kimminich
This is the official companion guide to the OWASP Juice Shop application. Being a web application with a vast number of intended security vulnerabilities, the OWASP Juice Shop is supposed to be the opposite of a best practice or template application for web developers: It is an awareness, training, demonstration and exercise tool for security risks in modern web applications. The OWASP Juice Shop is an open-source project hosted by the non-profit Open Web Application Security Project (OWASP) and is developed and maintained by volunteers. The content of this book was written for v8.1.1 of OWASP Juice Shop.
A major rewrite for version 8.x is currently ongoing! Several hints and solutions are still for the 7.x version and might not work as-is on 8.x! The content will be incrementally updated for 8.x only on GitBook!
To download the last edition of this book that is fully compatible with 7.x, please visit https://leanpub.com/juice-shop. LeanPub will not be re-published before the transition to 8.x is completed.
The book is divided into three parts:
Part I - Hacking preparations
Part one helps you to get the application running and to set up optional hacking tools.
Part II - Challenge hunting
Part two gives an overview of the vulnerabilities found in the OWASP Juice Shop including hints how to find and exploit them in the application.
Part III - Getting involved
Part three shows up various ways to contribute to the OWASP Juice Shop open source project.
Please be aware that this book is not supposed to be a comprehensive introduction to Web Application Security in general. For every category of vulnerabilities present in the OWASP Juice Shop you will find a brief explanation - typically by quoting and referencing to existing content on the given topic.
Download a .pdf, .epub, or .mobi file from:
- https://leanpub.com/juice-shop (official release)
Read the book online at:
Contribute content, suggestions, and fixes on GitHub:
Official OWASP Juice Shop project homepage:
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.