7MS #318: Interview with Bjorn Kimminich of OWASP Juice Shop




7 Minute Security show

Summary: <p><em>Today's episode is brought to you by <strong>ITProTV</strong>. Visit <a href="https://itpro.tv/7ms" rel="nofollow noreferrer noopener" target="_blank">itpro.tv/7ms</a> and use code <strong>7MS</strong> to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription.</em></p> <hr><p>This week's show is another interview episode - this time with my pal Bjorn Kimminich of the OWASP Juice Shop. </p> <p>If you've never heard of the <a href="https://www.owasp.org/index.php/OWASP_Juice_Shop_Project" rel="nofollow noreferrer noopener" target="_blank">Juice Shop</a> before, it's the world's most secure (and I mean that sarcastically) online shopping experience. Actually, it's chock full of security issues, which makes it a fantastic learning tool for Web app pentesters, be they seasoned or total newbs. Bjorn and I sat down (over Skype) to discuss:</p> <ul> <li>How the Juice Shop came to be</li> <li>The current status of application security (is it getting any better?!)</li> <li>Common vulnerabilities still found in today's Web apps</li> <li>Juice Shop being featured in <a href="https://summerofcode.withgoogle.com/" rel="nofollow noreferrer noopener" target="_blank">Google's Summer of Code</a> </li> <li>How dev teams can better bake security into their products</li> <li>What's next for the Juice Shop (<em>hint: stay tuned after the episode is over for a hint on one new "<a href="https://github.com/braimee/bpatty/issues/13" rel="nofollow noreferrer noopener" target="_blank">feature</a>"</em>)</li> </ul><p>Bjorn has gone to great lengths to provide <a href="http://help.owasp-juice.shop" rel="nofollow noreferrer noopener" target="_blank">documentation</a> about how to get up and running with a copy of the Juice Shop to begin your hacking. 
Personally I find it dead simple to <a href="https://hub.docker.com/r/bkimminich/juice-shop/" rel="nofollow noreferrer noopener" target="_blank">follow Bjorn's instructions</a> for spinning up a Docker container:</p> <pre><code>docker pull bkimminich/juice-shop
docker run --rm -p 3000:3000 bkimminich/juice-shop</code></pre> <p>Should you find the Juice Shop to be a valuable tool, please be sure to <a href="https://twitter.com/bkimminich?lang=en" rel="nofollow noreferrer noopener" target="_blank">ping Bjorn on Twitter</a> to let him know. </p> <p>Be sure to <a href="https://twitter.com/owasp_juiceshop?lang=en" rel="nofollow noreferrer noopener" target="_blank">follow the Juice Shop on Twitter</a> as well. <em>Psst...this account sometimes tweets coupon codes which can help you unlock certain challenges!</em> </p>