Welcome to the 14th episode of our Security Culture Campaign! On today’s show Matt Konda discusses OWASP Juice Shop.

The OWASP Juice Shop is an amazing resource for both developers and folks working in application security(or those interested in learning application security!). It is easy to run. You can run it in Heroku at the click of a button. Or you can build from source or run in a Docker container. Remember that it is a vulnerable application though!

Once you have it running, you can use an open book Pwning OWASP Juice Shopto learn more about the exercises or setting it up for training.

The platform includes a ton of challenges from SQL Injection, to XSS to Privilege Escalation and Business Logic Abuse. Many of the challenges can be completed with just browser developer tools!

Click here for the associated YouTube video.

The Jemurai Security Culture Campaign Series is a stream of topical content released every Thursday intended to help developers think about security in a particular area. The content will be available in associated videos, podcasts and blog posts.

Click here to request a topic.