OWASP Security Shepherd OWASP Flagship

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status.

Where can I download Security Shepherd?

Virtual Machine or Manual Setup

You can download Security Shepherd VMs or Manual Installation Packs from GitHub.

Docker (Ubuntu Linux Host)

Initial Setup

# Install pre-reqs
sudo apt install git maven docker docker-compose default-jdk

# Clone the github repository
git clone https://github.com/OWASP/SecurityShepherd.git

# Change directory into the local copy of the repository
cd SecurityShepherd

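# Add the current user to the docker group so docker can be run without sudo
# (takes effect after logging out and back in; docker group membership is root-equivalent on the host)
sudo gpasswd -a "$USER" docker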

# Run maven to generate the WAR and HTTPS Cert.
mvn -Pdocker clean install -DskipTests

# Build the docker images, docker network and bring up the environment
docker-compose up

Open up an Internet Browser & type in the address bar;

To login use the following credentials (you will be asked to update after login);

Note: Environment variables can be configured in the .env (dotenv) file in the repository root directory.

Full Guide

Docker-Environment-Setup

How do I set up Security Shepherd?

We've got fully automated and step-by-step walkthroughs on our wiki page to help you get Security Shepherd up and running.

What can Security Shepherd be used for?

Security Shepherd can be used as a;

Why choose Security Shepherd?

There are a lot of purposefully vulnerable applications available in the OWASP Project Inventory, and even more across the internet. Why should you use Security Shepherd? Here are a few reasons;