One of the best ways to learn about web security is to put yourself in the shoes of a hacker and try and infiltrate a web app. Doing this without the consent of application's owner, however, is illegal and unethical. That's why websites like Juice Shop have been created. Juice Shop is a dummy application which is riddled with security vulnerabilities. We're going to use it as a sandbox for trying some hacking.
So that everyone can have their own version of Juice Shop to experiment with, we are going to deploy the app using Heroku.
First, if you haven't already, create an account with Heroku
Next click the Deploy to Heroku button on Juice Shop's Github page:
Give the app a name and deploy it! This may take a while...
Once it's deployed, you can access the score board by adding a /#/score-board
to end of your application's URL e.g. https://not-my-juice-shop.herokuapp.com/#/score-board
The score board contains a list of challenges. Each challenge represents a vulnerability that exists within the Juice Shop application. Juice Shop will recognise when you've successfully exploited a vulnerability and award you a point.
The buttons at the top allow you to filter the problems by category, difficulty and completion state. We'd recommend sticking to the 1 and 2 star challenges - they're difficult enough!