OWASP 上的十大漏洞都可以在上面作攻擊
OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws.
安裝方式
用 docker 來練習 owasp juice shop
先裝 centos7
然後安裝 docker
yum install docker -y
啟動 docker
systemctl start docker
在 docker 上跑 juice shop
docker pull bkimminich/juice-shop
docker run -d -p 3000:3000 bkimminich/juice-shop
這樣子就可以透過瀏覽 http://1.1.1.1:3000
所有的練習題都可以在 http://1.1.1.1:3000/#/score-board 上面看到/進度
參考
http://www.freebuf.com/sectool/151920.html
http://www.freebuf.com/column/152948.html
留言