The OWASP Juice Shop is a modern, insecure single-page web application (SPA) for security training, demos and CTFs. Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications.
The Juice Shop has a companion book, Pwning OWASP Juice Shop, which is the official guide. It gives a complete overview of the vulnerabilities found in the application, including hints on how to spot and exploit them.
- Run `docker run -d -p 127.0.0.1:3000:3000 bkimminich/juice-shop` to launch the container with that image.
- Browse to http://localhost:3000.
- Admin email is [email protected] and password is `admin123`