Learning with OWASP Juice Shop

2018-12-13

Recently, while foraging on Twitter, I came across this intentionally vulnerable web application called OWASP Juice Shop. I have Metasploitable installed on my laptop and still haven't made headway in it, so I was naturally apprehensive about whether I should add it to my never-ending list. But then I realized that most of the challenges that I have been attempting are based on outdated technologies. Not that I'm an expert in them; I get stumped even at the simplest of these "outdated" challenges. But when I started exploring Juice Shop, it seemed like I should be paying attention to what's happening NOW.

There is always this balance that you're supposed to achieve - that between getting your basics right, and being up to date with the latest technologies. Juice Shop bears more of a resemblance to the applications that I use day to day. Along with it comes a guide - PWNING JUICE SHOP - that helps you whenever you're stuck - you can either look at hints or look directly at the solutions. While attempting exploits on Natas or DVWA, I used technologies that I was pretty much completely aware of. Once I finished a challenge, I used to have a full understanding of the code behind it, especially since it came in disjoint blocks that helped me learn one concept at a time. So it's useful when you are starting off.

But in the real world you don't get to hack according to concepts, and a black-box approach, like that in Juice Shop, helps you deal with the frustration that comes with not knowing anything. Once you have even the slightest grip on certain concepts, you can start to work on these frustrating problems and learn to cope and be patient. But of course, it is not a gradient where you start with disjointed concepts and then move on to intricate and complex applications; rather, you keep going back and forth and do what you are most comfortable with.