OWASP Juice Shop
Category: Web Application Security
Difficulty: Intermediate
Tools Used: Kali Linux, Burp Suite, OWASP ZAP, DirBuster, Wfuzz, ExifTool
Brief Description:
The OWASP Juice Shop is an intentionally vulnerable web application designed by the OWASP Foundation to teach and test web security concepts. It simulates real-world vulnerabilities found in modern web apps, making it a valuable training platform for ethical hackers, developers, and cybersecurity students.
Extended Explanation:
In this project, I installed the OWASP Juice Shop on Kali Linux and explored its multiple layers of vulnerabilities through hands-on testing. The setup involved downloading the source code from GitHub, running npm install, and launching the local instance with npm start. Once accessible via localhost:3000, I used developer tools, Burp Suite, and OWASP ZAP to inspect network traffic, intercept requests, and analyze weaknesses in cookie management, input validation, and session handling.
Throughout the exploration, I completed a variety of built-in challenges, such as uncovering the hidden Scoreboard, logging in as MC SafeSearch, performing Meta Geo Stalking using image metadata, and forging feedback under the admin account. Tools like DirBuster were used to discover hidden directories and test for error handling, while Wfuzz and SecLists assisted in password brute-forcing and enumeration.
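The "forged feedback" challenge mentioned above rests on a server trusting a user identifier that the client sends in the request body. The following is an added illustration of that pattern and its fix, written for this page; it is not Juice Shop's own code. The request shape, the in-memory store, the handler names and the use of id 1 for the admin account are assumptions made for the example.

```javascript
// Added example (not Juice Shop's code): a feedback endpoint that trusts a
// client-supplied UserId lets any logged-in user post feedback "as" someone
// else by intercepting the POST and rewriting the hidden field.
// Request shape, store and handler names are assumptions for this illustration.

const feedbackStore = [];

// Stands in for the session a server derives from the login cookie or JWT.
// req.user.id is trustworthy because the server set it; req.body is not.
function makeRequest(sessionUserId, body) {
  return { user: { id: sessionUserId }, body };
}

// Vulnerable: the author's identity is read from the request body, which the
// client fully controls, so the hidden UserId field is an attacker input.
function createFeedbackVulnerable(req) {
  const entry = {
    UserId: req.body.UserId,
    comment: String(req.body.comment),
    rating: Number(req.body.rating),
  };
  feedbackStore.push(entry);
  return entry;
}

// Hardened: identity comes from the server-side session only; whatever
// UserId the client sends is never merged into the stored record.
function createFeedbackHardened(req) {
  const entry = {
    UserId: req.user.id,
    comment: String(req.body.comment),
    rating: Number(req.body.rating),
  };
  feedbackStore.push(entry);
  return entry;
}

// Constructed request: user 5 is logged in but has tampered the hidden field
// to 1 (the admin's id in this illustration).
const tampered = makeRequest(5, { UserId: 1, comment: 'forged', rating: 5 });

// Returns the author id each handler actually records for the same request.
function demo() {
  return {
    vulnerable: createFeedbackVulnerable(tampered).UserId, // 1: forged as admin
    hardened: createFeedbackHardened(tampered).UserId,     // 5: the real author
  };
}
```

The check to carry into any real review: every field that names a principal (user id, account, role) must be set from the authenticated session on the server, and request bodies should be mapped field by field into the model rather than spread into it wholesale.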
One of the key takeaways from this project was recognizing how different vulnerabilities connect — for example, how weak password recovery processes combine with exposed metadata to create real attack vectors. I also experimented with DOM-based Cross-Site Scripting (XSS) to trigger alerts and understand how client-side code can be manipulated to execute arbitrary scripts.
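The DOM-based XSS described above comes down to where untrusted input lands: an HTML sink such as innerHTML parses it as markup, while output encoding (or a text sink such as textContent) keeps it inert. The block below is an added example written for this page, not Juice Shop's code. It builds the markup as strings so it runs under Node without a browser; the search-results heading, the function names and the payload are assumptions for the illustration.

```javascript
// Added example (not Juice Shop's code): a search term reflected into the page
// through an HTML sink, beside the encoded version. Function names, heading
// text and payload are assumptions for this illustration.

// Constructed payload: an iframe whose src runs script once the tag is parsed.
const PAYLOAD = '<iframe src="javascript:alert(`xss`)">';

// Vulnerable: the query is concatenated into markup that a page would assign
// to element.innerHTML, so the browser parses the injected tag and runs it.
function renderResultsVulnerable(query) {
  return `<h1>Search Results - ${query}</h1>`;
}

// Encode the five characters that can change how HTML is parsed. This is the
// string equivalent of writing the value with textContent instead of innerHTML.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: the query reaches the HTML sink only after encoding.
function renderResultsHardened(query) {
  return `<h1>Search Results - ${escapeHtml(query)}</h1>`;
}

// Simple check: apart from the heading's own <h1>/</h1>, does any tag from the
// input survive in the rendered markup?
function injectedMarkupSurvives(render, query) {
  const html = render(query);
  return /<(?!\/?h1\b)[a-z]/i.test(html);
}
```

Run `injectedMarkupSurvives(renderResultsVulnerable, PAYLOAD)` and the same call with `renderResultsHardened` to see the difference; the encoded output is `<h1>Search Results - &lt;iframe src=&quot;javascript:alert(`xss`)&quot;&gt;</h1>`, which a browser displays literally. In an Angular application the equivalent mistake is binding untrusted text with `[innerHTML]` after marking it trusted; the fix is plain interpolation, which encodes by default.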
This hands-on experience helped me develop a deeper understanding of vulnerability identification, exploitation, and mitigation, all within a controlled learning environment. The OWASP Juice Shop experience bridged theory with practical cybersecurity testing and emphasized the importance of secure coding and validation practices in real-world web development.
Video Playlists: https://www.youtube.com/playlist?list=PLZ8bi5KyPRv853TBgk06rmKUlr0_M7hT1
Key Stats:
- Framework: Node.js / Angular
- Environment: Kali Linux
- Security Tools: Burp Suite, ZAP, DirBuster, Wfuzz, ExifTool
- Skills Practiced: Path guessing, session manipulation, metadata analysis, XSS exploitation, vulnerability scanning
- Completion Time: Approximately 10 hours
Key Takeaways:
- Realistic training in web application vulnerabilities and mitigation.
- Reinforced OWASP Top 10 principles, including XSS, injection, and insecure deserialization.
- Demonstrated the importance of secure development practices and awareness of how small oversights can lead to major risks.
- Strengthened skills in ethical hacking, vulnerability assessment, and web application testing.

