OWASP Juice Shop,是 Björn Kimminich 创建的 OWASP 旗舰项目。 它旨在包含来自 OWASP Top 10 和 OWASP API Security Top 10 的漏洞。Juice Shop 中发现的一个很棒的功能是它可以跟踪您的黑客进度并包含一个隐藏的记分牌。 Juice Shop 是使用 Node.js、Express 和 Angular 构建的。 它是一个由 REST API 提供支持的 JavaScript 应用程序。
OWASP Juice Shop 学习一
安装docker
通过VMware虚拟机安装Centos 7 IP地址 192.168.31.201,然后安装docker。
Docker的安装过程
安装OWASP Juice Shop
# docker pull bkimminich/juice-shop
Using default tag: latest
latest: Pulling from bkimminich/juice-shop
3aa4d0bbde19: Pull complete
1ef6f24acb8c: Pull complete
cce98d98dea3: Pull complete
402b4d5fa115: Pull complete
7ce100a0f5b6: Pull complete
0c967273558c: Pull complete
ae2d7f68ac99: Pull complete
d49f4ddd0060: Pull complete
Digest: sha256:cc936d5b92ddb9741fc22f79fe879be62dbc1122fe3ca3042ef612f2b77a1011
Status: Downloaded newer image for bkimminich/juice-shop:latest
运行OWASP Juice Shop
# docker run --rm -p 80:3000 bkimminich/juice-shop
> juice-shop@13.3.0 start
> node build/app
info: All dependencies in ./package.json are satisfied (OK)
info: Chatbot training data botDefaultTrainingData.json validated (OK)
info: Detected Node.js version v16.14.2 (OK)
info: Detected OS linux (OK)
info: Detected CPU x64 (OK)
info: Configuration default validated (OK)
info: Required file server.js is present (OK)
info: Required file index.html is present (OK)
info: Required file styles.css is present (OK)
info: Required file main.js is present (OK)
info: Required file tutorial.js is present (OK)
info: Required file polyfills.js is present (OK)
info: Required file runtime.js is present (OK)
info: Required file vendor.js is present (OK)
(node:17) [DEP0152] DeprecationWarning: Custom PerformanceEntry accessors are deprecated. Please use the detail property.
(Use `node --trace-deprecation ...` to show where the warning was created)
info: Port 3000 is available (OK)
info: Server listening on port 3000
访问:http://192.168.31.201/#/
