Karthick M

Exploring Security Shepherd

Hello Community! I'm excited to delve into the world of Security Shepherd, a perfect entry point for users completely new to security, with levels increasing in difficulty at a manageable pace. Each security concept, when first addressed in Shepherd, is presented using plain language, so it can be readily understood by beginners.

Programming Language:
The Security Shepherd project primarily uses a combination of programming languages and technologies. The backend of Security Shepherd is often implemented using server-side technologies, and the frontend may involve web development languages.

Backend: Node.js, Express.js.
Frontend: HTML, CSS, JavaScript, Angular or React
Database: MongoDB
Other Technologies: OWASP WebGoat

Parent Company:
Security Shepherd is a deliberately vulnerable web application maintained by OWASP. It is licensed under GPLv3. You can download Security Shepherd locally and install it in a virtual machine.

Mark Curphey started OWASP on September 9, 2001. Jeff Williams served as the volunteer Chair of OWASP from late 2003 until September 2011. As of 2015, Matt Konda chaired the Board.

The OWASP Foundation, a non-profit organization in the US established in 2004, supports the OWASP infrastructure and projects. Since 2011, OWASP has also been registered as a non-profit organization in Belgium under the name of OWASP Europe VZW.

Tool Overview: Purpose and Functionality
Security Shepherd is designed to address the need for practical, real-world training in web application security. It aims to educate users about common security issues and vulnerabilities that can affect web applications, allowing them to develop practical skills in securing software.


Educational Challenges: Security Shepherd offers a variety of challenges that simulate real-world security vulnerabilities commonly found in web applications. These challenges cover a range of topics, including but not limited to injection attacks, cross-site scripting (XSS), cross-site request forgery (CSRF), and more.

Learning Paths: Challenges are often organized into learning paths, providing a structured curriculum for users to follow. Learning paths help users progress from fundamental to advanced topics, building a solid understanding of web application security.

Real-world Simulations: The platform's challenges are crafted to closely simulate real-world scenarios, giving users a practical understanding of how security vulnerabilities can be exploited and how to prevent them.

Scoring and Gamification: Users typically earn points for successfully completing challenges, adding a gamified element to the learning experience. This scoring system encourages users to explore and master various aspects of web application security.

Open Source or Paid:
Security Shepherd is an open-source project, meaning that its source code is freely available to the public for review, modification, and distribution. Users can typically access and use the platform without incurring any direct costs. The open-source nature of Security Shepherd encourages collaboration, community contributions, and the sharing of knowledge in the field of web application security.

It's important to note that while the core Security Shepherd platform is open source, there may be additional services, tools, or content related to web application security training that could be offered by third parties and might have associated costs. Always check the official Security Shepherd documentation or website for the most accurate and up-to-date information on its licensing and any associated costs or services.

