OWASP Top 10

The OWASP (Open Web Application Security Project) Top 10 is a list of the ten most critical security risks found in web applications. It is important to understand each item in the Top 10. The Top 10 does get updated, but not every year. For example, the last Top 10 was released in 2021 and prior to that it was 2017. The image below is from their site and shows the changes between 2017 and 2021. Each item in the 2021 Top 10 has a hyperlink below that provides a great deal of information to help you understand the risk, how to prevent it, and an example scenario.

OWASP Top 10 Changes from 2017 to 2021.

Juice Shop

OWASP has a project called Juice Shop that is an insecure web application. This is a great resource for gaining experience and enhancing your skill set. Juice Shop includes vulnerabilities from the OWASP Top 10 as well as many others found in real-world applications!


If you wish to run this on your own system, the best way is to use Docker and launch it as a container.

Docker Windows Install

To help make the installation of Docker easier, please watch the video of me getting Docker to run on Windows 10. I am only providing a demo on how to do this on Windows 10 as doing this on a Mac is much easier. 


I sped up some parts of this video to save time. The video is just over 12 minutes long, but I would expect that you'd be able to do it a lot quicker on your personal computer.

Mac with Intel CPUs

You can also follow the instructions that are provided by Docker: https://docs.docker.com/desktop/install/mac-install/

Mac with Apple CPUs (M1 or M2)

You can also follow the instructions that are provided by Docker: https://docs.docker.com/desktop/install/mac-install/.

Warning: I do not have a Mac with an Apple CPU, so I have not been able to test this out.

Running Juice Shop

Perform the following commands in PowerShell (Windows) or Terminal.app (macOS).

The image below shows each command and Firefox with the Juice Shop open.
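
One way to start Juice Shop from PowerShell so that the deliberately insecure application is reachable only from your own machine (an added example, not the commands from the original page; the docker lines themselves are the same in Terminal.app). It assumes Docker Desktop is already running, uses the bkimminich/juice-shop image that the Juice Shop project publishes on Docker Hub, and the container name juice-shop is chosen here for illustration.

```powershell
# Added example: start OWASP Juice Shop in a throwaway, loopback-only container.
# Assumptions: Docker Desktop is running and the application listens on
# container port 3000 (the Juice Shop default).

$image = 'bkimminich/juice-shop'
$name  = 'juice-shop'   # container name chosen for this example
$port  = 3000           # local port to browse to

# Stop early if the Docker engine is not reachable.
docker info | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Docker is not running. Start Docker Desktop first.' }

docker pull $image
if ($LASTEXITCODE -ne 0) { throw "Could not pull $image." }

# Juice Shop is vulnerable on purpose. Publishing the port on 127.0.0.1
# keeps other machines on your network from reaching it; a plain
# "-p 3000:3000" would listen on every network interface.
# --rm deletes the container, and any changes made inside it, when it stops.
docker run --rm -d --name $name -p "127.0.0.1:${port}:3000" $image
if ($LASTEXITCODE -ne 0) { throw 'Container failed to start.' }

# Wait until the application answers before opening the browser.
$url   = "http://127.0.0.1:$port"
$ready = $false
foreach ($attempt in 1..30) {
    try {
        Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 2 | Out-Null
        $ready = $true
        break
    } catch {
        Start-Sleep -Seconds 2
    }
}
if ($ready) { Write-Host "Juice Shop is ready at $url" }
else        { Write-Warning "No response from $url yet. Check: docker logs $name" }

# Show the published port; the address should be 127.0.0.1, not 0.0.0.0.
docker port $name
```

When you are finished, `docker stop juice-shop` shuts the container down and, because of `--rm`, removes it.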