Practice your pen testing skills with the OWASP Juice Shop challenge

Juicy

© Lead image © artverau, 123RF.com

© Lead image © artverau, 123RF.com

Article from Issue 296/2025
Author(s):

The OWASP Juice Shop has over 100 tasks that will get you up to speed on pen testing. This article guides you through your first steps.

You can quickly test whether your web server is an open door for attackers by breaking into your own system. All you need to do is … well, what actually? Isn't there this Metasploit tool that you can simply fire against the server? But before you point massive unknown weapons at your own server, you might want to take some time to familiarize yourself with the available tools and their purposes. And the best way to get started is to break into a test system.

The Open Worldwide Application Security Project (OWASP) makes its Juice Shop [1] available for starting pen testers. In addition to offering tasty fruit juices, the Juice Shop also deliberately contains a number of vulnerabilities, providing newcomers with an ideal target for hands-on pen testing practice. You can quickly set up the Juice Shop in a Docker container.

Open for Business

Because the Juice Shop has security vulnerabilities, you will not want to launch it on your own system. Instead, install your favorite distribution on a virtual machine (VM) or on an old laptop. Other services running in the background on your system will not interfere with the analysis. In principle, any distribution can serve as the underpinnings, but it should have the following tools in its repositories: Docker, Nmap, Dirb, and Base64. You can play it safe with Debian or go for the Kali Linux [2] pen testing distribution.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Download Article PDF now with Express Checkout
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
SUBSCRIPTIONS
Print Subscriptions
Digital Subscriptions

Related content

  • Discover Pen Testing

    If you want to check your systems for security vulnerabilities, you need the right tools and a massive helping of experience. Prospective pen testers can get some practice by breaking into prefabricated training VMs.

    more »
  • Kali Linux 2022.3 Released

    From the creators of the most popular penetration testing distributions on the planet, comes a new release with some new tools and a community, real-time chat option.

    more »
  • PiJuice Zero

    The Raspberry Pi Zero is a frugal little computer. But without a power socket, you might be surprised how quickly it can drain a battery. Active power management is the order of the day.

    more »
  • News

    In the news: Kali Linux 2022.3 Released; 14" Pinebook Pro Linux Laptop Ships; OpenMandriva Lx ROME Technical Preview Released, Linux Mint 21 Now Available; Firefox Adds Long-Anticipated Feature; and System76 Oryx Pro Laptop Refreshed with a New CPU.

    more »
  • Monitoring Beehives

    Beekeepers can get to know their colonies better without continuously disturbing the industrious insects. Using a Raspberry Pi and various sensors, two hobby beekeepers monitor the temperature and humidity of their hives, with plans to monitor their weight.

    more »
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News

Tag Cloud

Administration Community Desktop Events Hardware Linux Mobile Programming Security Software Ubuntu Web Development Windows free software open source