I deployed OWASP Juice Shop locally and worked through a set of challenges that mirror real web security issues. I used Docker for setup, browser developer tools for analysis, and the Score Board to track progress and learning. (How to Use OWASP Juice Shop)
Stand up Juice Shop quickly with Docker
Use the Score Board to plan learning paths
Practice identifying and explaining common web issues
Document findings and mitigations in plain language
Docker and a modern browser
Basic understanding of OWASP Top 10 concepts
Docker, OWASP Juice Shop, Chrome DevTools or Firefox Developer Tools
1. Environment setup
Pulled and ran the official Juice Shop container on localhost
Confirmed availability on port 3000 and created a user account
2. Discovery
Explored key features and captured requests with DevTools
Opened the Score Board to select beginner and intermediate challenges
3. Analysis and solves
Traced API calls in the Network tab to understand data flows
Tested input handling and access controls in a safe, contained environment
Recorded steps taken to complete each challenge and described mitigations
4. Documentation
Logged completed challenges with short write-ups
Extracted common fix patterns such as input validation and safer API design
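Added example, not part of the original write-up: one way to turn the traffic traced in the Network tab into a route inventory for the challenge notes. It assumes the capture was exported from DevTools as a HAR file. The sample entries, the `/api/` and `/rest/` prefixes, and the function names are constructed for illustration.

```python
import json
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

def _entry(method, url, status, headers=()):
    return {"request": {"method": method, "url": url,
                        "headers": [{"name": n, "value": v} for n, v in headers]},
            "response": {"status": status}}

# Constructed sample in HAR 1.2 shape; not real traffic, token is a placeholder.
AUTH = [("Authorization", "Bearer CONSTRUCTED.TOKEN")]
SAMPLE_HAR = json.dumps({"log": {"entries": [
    _entry("GET", "http://localhost:3000/rest/products/search?q=apple", 200),
    _entry("GET", "http://localhost:3000/api/Products/1", 200),
    _entry("GET", "http://localhost:3000/api/Products/2", 200),
    _entry("GET", "http://localhost:3000/rest/basket/1", 200, AUTH),
    _entry("POST", "http://localhost:3000/rest/user/login", 401),
    _entry("GET", "http://localhost:3000/main.js", 200),
    _entry("GET", "https://cdn.example.test/font.woff2", 200),
]}})

def normalise(path):
    """Collapse numeric segments so /api/Products/1 and /2 group as one route."""
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)

def summarise(har_text, host="localhost:3000", prefixes=("/api/", "/rest/")):
    """Group same-host API calls by (method, route); prefixes are an assumption."""
    rows = defaultdict(lambda: {"count": 0, "statuses": set(), "params": set(),
                                "authenticated": False})
    for entry in json.loads(har_text)["log"]["entries"]:
        req, url = entry["request"], urlsplit(entry["request"]["url"])
        if url.netloc != host or not url.path.startswith(prefixes):
            continue  # skip third-party hosts and static assets
        row = rows[(req["method"], normalise(url.path))]
        row["count"] += 1
        row["statuses"].add(entry["response"]["status"])
        row["params"].update(parse_qs(url.query))
        names = {h["name"].lower() for h in req.get("headers", [])}
        row["authenticated"] |= "authorization" in names
    return dict(rows)

def report(summary):
    """One line per route, ready to paste into the challenge write-up."""
    return [f"{m:5} {p:24} x{r['count']} {sorted(r['statuses'])} "
            f"{'auth' if r['authenticated'] else 'no-auth'} params={sorted(r['params'])}"
            for (m, p), r in sorted(summary.items())]

if __name__ == "__main__":
    print("\n".join(report(summarise(SAMPLE_HAR))))
```

Routes listed as `no-auth` are the ones to check against the intended access-control design when describing mitigations.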
Faster hands-on practice with realistic web flaws
Clear explanations of risks and mitigations suitable for non-experts
A trackable learning record through the Score Board
Practical web security testing
Request analysis with browser tools
Communication of risks and fixes