Pwning OWASP’s Juice Shop Pt. 1: Security Policy

Because I’m a little burned out from spending so much time on Leetcode of late, I recently reached out to a subreddit which focuses on infosec career advice (r/SecurityCareerAdvice) to ask more knowledgeable folks how I could demonstrate continued interest in cyber security without spending money I don’t have on a series of certifications. Both responses included suggestions that I write blog posts, with one going a step further and recommending that I write up walkthroughs for whatever I was working on (a huge thank you is in order for that person, who’s given me permission to post a link to their company’s website, https://securityps.com/).

The thing I’ve been working on most recently, which I’ve been picking at slowly but surely for the last few months, is OWASP’s Juice Shop (https://github.com/bkimminich/juice-shop). Juice Shop is an intentionally insecure web application which is designed to teach people like me how to find and exploit vulnerabilities in a realistic setting. 

Read More