
OWASP Top 10 Lab Setup

Hello friend, welcome to this setup guide for the OWASP Top 10 lab, a lab made for you to
practice web application hacking using the best-known vulnerable web applications.
Once you finish the setup, you can follow the training at https://thehackerish.com or the YouTube
channel playlist at https://www.youtube.com/channel/UCIXot2vRgeM5alhAlpTbhQA

Using the lab with VirtualBox


This is the old version of the lab. I got many complaints saying that the VirtualBox machine is
not reachable from the host. Besides, exposing the vulnerable machine inside the LAN network
is not a security best practice. However, if you still want to use the VirtualBox OVA file, you can
download it from here and follow the instructions in this YouTube episode.

Install Docker and Docker Compose


This is the first step. This version of the lab does not require VirtualBox, so you can run it
on virtually any host, even EC2 instances. Plus, you won't have to put the lab in your LAN network,
which is a good security measure.
The most elegant way to achieve this is to use Docker and Docker Compose.
Follow the instructions at https://docs.docker.com/compose/install/ to install Docker and Docker
Compose on your Mac, Windows or Linux machine.

Run the lab

Once you have Docker and Docker Compose ready, follow the instructions below. All commands
should be run from the thehackerish-lab folder you downloaded.
1. If you are in a timezone other than Europe/Amsterdam, edit the TZ variable in the last
line of the docker-compose.yml file
2. Run the command: docker-compose up
3. Wait for about 1 minute, then go to your browser
4. Visit: http://localhost:8080/WebGoat to access the WebGoat web application.
5. Visit: http://localhost:9090/WebWolf to access the WebWolf app.
6. Visit: http://localhost:3000 to access Juice Shop.
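
Docker Compose publishes a HOST:CONTAINER port mapping on every host interface unless the mapping starts with a host IP such as 127.0.0.1, so it is worth checking that the lab's ports stay on localhost. The script below is an added example, not part of the lab or the original guide; the function name exposed_ports and the sample Compose content are constructed for illustration, and only the short port syntax is handled.

```sh
#!/bin/sh
# Added example (not part of the lab): list Compose port mappings that are
# published on all host interfaces instead of loopback only.
# Handles the short "HOST:CONTAINER" syntax under a `ports:` key.

# exposed_ports FILE
# Prints every mapping not pinned to 127.x.x.x or [::1]; returns 1 if any exist.
exposed_ports() {
    awk -v q="'" '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            entry = $0
            sub(/^[ \t]*-[ \t]*/, "", entry)   # drop the list marker
            sub(/[ \t]*#.*$/, "", entry)       # drop a trailing comment
            gsub(/"/, "", entry); gsub(q, "", entry)
            sub(/[ \t]+$/, "", entry)
            if (entry !~ /^127\.[0-9]+\.[0-9]+\.[0-9]+:/ && entry !~ /^\[::1\]:/) {
                print entry
                found = 1
            }
            next
        }
        # Any other non-blank, non-comment line ends the ports list.
        in_ports && !/^[ \t]*(#.*)?$/ { in_ports = 0 }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample, NOT the lab's real docker-compose.yml; only the port
# numbers and the TZ value come from the guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  webgoat:
    ports:
      - "8080:8080"
      - "127.0.0.1:9090:9090"
    environment:
      - TZ=Europe/Amsterdam
  juiceshop:
    ports:
      - 3000:3000   # unquoted form
EOF

if exposed_ports "$sample"; then
    echo "all published ports are loopback-only"
else
    echo "the mappings listed above are published on all host interfaces"
fi
rm -f "$sample"
```

Prefixing a flagged mapping with 127.0.0.1: (for example 127.0.0.1:8080:8080) keeps that port on the loopback interface, and the URLs in steps 4 to 6 continue to work unchanged.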

Pause and resume your hacking


You can pause the lab and resume it at any time.

Pause the lab


In a new terminal window, run the following command (always from the thehackerish-lab
folder):
docker-compose stop

Resume where you left off


When you want to continue hacking, run the following command:
docker-compose start

Happy hacking! 
