Today's episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription.


This week's show is another interview episode - this time with my pal Bjorn Kimminich of the OWASP Juice Shop.

If you've never heard of the Juice Shop before, it's the world's most secure (and I mean that sarcastically) online shopping experience. Actually, it's chock full of security issues, which makes it a fantastic learning tool for Web app pentesters, be they seasoned or total newbs. Bjorn and I sat down (over Skype) to discuss:

  • How the Juice Shop came to be
  • The current status of application security (is it getting any better?!)
  • Common vulnerabilities still found in today's Web apps
  • Juice Shop being featured in Google's Summer of Code
  • How dev teams can better bake security into their products
  • What's next for the Juice Shop (hint: stay tuned after the episode is over for a hint on one new "feature")

Bjorn has gone to great lengths to provide documentation about how to get up and running with a copy of the Juice Shop to begin your hacking. Personally I find it dead simple to follow Bjorn's instructions for spinning up a Docker container:

docker pull bkimminich/juice-shop
docker run --rm -p 3000:3000 bkimminich/juice-shop

Should you find the Juice Shop to be a valuable tool, please be sure to ping Bjorn on Twitter to let him know.

Be sure to follow the Juice Shop on Twitter as well. Psst...this account sometimes tweets coupon codes which can help you unlock certain challenges!

Also, Bjorn would love your help in translating the Juice Shop so it can be enjoyed around the world!

Audio