Web Security Practice Lab Setup

Jess
Oct 14, 2022

This post provides instructions for setting up a web security test bed for upcoming talks and workshops.

JuiceShop

  1. Create an account on Heroku:
    https://signup.heroku.com/login
  2. Once your account is set up, be sure you are authenticated.
  3. Visit the JuiceShop repo:
    https://github.com/juice-shop/juice-shop#setup
  4. Click the purple button:
  5. Let the install complete: ~10 mins.
  6. Visit the now live application to confirm it's running.
  7. It will look similar to this:

Burp/Firefox Install

  1. Visit the Burp download page:
    https://portswigger.net/burp/releases/professional-community-2022-8-5?requestededition=community
  2. Pick the correct platform to download and install.
  3. Install Firefox if required.
    https://www.mozilla.org/en-US/firefox/new/
    Firefox is preferred because the certificate store that the browser uses is segregated from the system and is simpler to set up.

HTTP Proxy Setup

  1. Open Burp and click through the startup wizard.
  2. Check Proxy -> Options and ensure there is a proxy listener enabled.
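
Step 2 can also be confirmed from a terminal. The script below is an added example, not part of the original post: it assumes Burp's default listener port 8080 (the post does not state it), and the function names are hypothetical. Besides checking that the listener is enabled, it reports whether the port also answers on the machine's non-loopback address, which is worth knowing on a shared workshop network.

```python
import socket

BURP_PORT = 8080  # assumption: Burp's default listener port (not stated in the post)

def accepts(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def lan_ip():
    """Best-effort non-loopback IPv4 address of this machine, or None."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("192.0.2.1", 9))  # TEST-NET-1; a UDP connect sends no packet
        ip = s.getsockname()[0]
        return None if ip.startswith("127.") else ip
    except OSError:
        return None
    finally:
        s.close()

def listener_scope(port=BURP_PORT, other_ip=None):
    """Classify the listener as 'disabled', 'loopback-only' or 'exposed'.

    This sees any TCP listener on the port, not specifically Burp.
    """
    if not accepts("127.0.0.1", port):
        return "disabled"
    if other_ip and accepts(other_ip, port):
        return "exposed"  # reachable from other hosts on the network
    return "loopback-only"

if __name__ == "__main__":
    scope = listener_scope(BURP_PORT, lan_ip())
    hints = {
        "disabled": "no listener on 127.0.0.1; enable one under Proxy -> Options",
        "loopback-only": "listener is up and only reachable from this machine",
        "exposed": "listener answers on the LAN address; bind it to loopback only",
    }
    print(f"port {BURP_PORT}: {scope} ({hints[scope]})")
```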
