What is Juice Shop?

OWASP Juice Shop is a modern and sophisticated intentionally vulnerable web application. It is used for training, demos, CTFs, and to test security tools on. Juice Shop features vulnerabilities from the entire OWASP Top Ten web application security risks, as well as many other real-world security flaws commonly found. This makes the application extremely useful for anyone wanting to learn more about securing web applications.

Docker is a containerization platform used to easily create, run, and manage applications. Containers are virtual computing environments that run on already running computers. They contain only the necessary files and configurations for running the targeted container, making them a valuable tool for efficiently running applications. Using Docker, we can quickly retrieve the necessary files, run the application, and then access the Juice Shop web application. This will allow us to get started actually practicing and learning from the application.

Running Juice Shop

Getting Juice Shop up and running is extremely simple.

*Note that to be able to do this, your computer needs to support virtualization and the correct settings need to be turned on in your computer's BIOS. If you are unsure if your computer supports it or if the correct settings are enabled, you can search for your computer model and how to do so. In addition to enabling some BIOS settings, you may need to install WSL (Windows Subsystem for Linux) to be able to run some applications. Please ensure that your computer supports virtualization and WSL (on Windows computers) before proceeding. To install WSL, you can search CMD in your taskbar, right click to open as Administrator, and then type 'wsl — install'.*

1. Downloading Docker

If you don't already have Docker, you can go to https://www.docker.com/ to download it. Their website looks like this:

You can then hover over the "Download Docker Desktop" Button in the middle of the page and it will open a drop-down with the different platforms it is available on. Choose the platform of your computer to begin the download.

After that, open the Docker Desktop Installer.exe to begin the installation. You can click through the installer and leave the default options checked, and then it will take a minute for Docker to be installed. Once it has finished, you can open Docker to begin setting up Juice Shop. Find the desktop icon or search for Docker through your taskbar, and then right click it and open as Administrator. You should see a screen that looks like this when you open it up:

*If you did not enable virtualization or install WSL earlier, you may receive some errors at this point. To fix the errors, go back and see if you missed one of those things and then restart Docker*

2. Installing Juice Shop in Docker

Now that we have Docker running, we can install Juice Shop. To do so, click on the 'Search' button at the top of the window.

Then, type in 'juice-shop' in the search bar and the first option should be bkimminich/juice-shop.

Click the 'Pull' button on the right side. After a minute, the image will finish being pulled. From here, open up a command prompt (Search CMD in taskbar) and run the following command:

docker run --rm -p 127.0.0.1:3000:3000 bkimminich/juice-shop

This will start the Juice Shop application. Now you can open up a web browser and go to http://127.0.0.1:3000 to access Juice Shop.

3. Getting Started with Juice Shop

If you click the orange button, it will start a tutorial to help guide you through the site. Or, you can just dismiss the pop-up and have free reign to explore the site and all of its vulnerabilities at your own pace. If you dismiss the pop-up and end up wanting help later, you can click on the side menu button in the top left and then click 'Help Getting Started' to access the same tutorial.

The first thing the guide tells you about is a scoreboard used to track your progress through the site, try and see if you can find it!

Hints like this will be provided to help point you in the right direction.

After you have found the scoreboard, you have completed your first challenge with this site. Good luck getting through them all!

If you don't have any tools for web application testing, you can follow this guide for installing Kali in Docker. Kali is a great tool for security testing. If you would like more information on Juice Shop, you can find it on their github, or on their website. Once your done using Juice Shop, you can go back to the command prompt and press 'Ctrl + C' to stop it. Or, you can go to Docker, go to the Containers tab, and then press the blue button on the right side to stop it.

Conclusion

That's how you get started with Docker and with using Juice Shop! I hope it will be useful in learning web application security. Thank you for reading!