Ideas for potential new hacking challenges are currently collected in the Challenge Pack 2017 milestone on GitHub. In this working session we will gather, design and implement many of the existing, and hopefully several entirely new, challenges that we will bundle in the OWASP Summit Challenge Pack 2017 for production release on the final day of the summit.
We will also consider planned functional enhancements of the Juice Shop CTF-extension and its improved integration with CTFd. Ideas for the CTF-extension are currently gathered as enhancement-issues on GitHub.
- Several new challenges for OWASP Juice Shop
- Functional enhancements to place the challenges in, e.g. the Order Dashboard and Pomace Recycling user stories
- Hint and solution sections for each new challenge are added to the “Pwning OWASP Juice Shop” e-book
- Functional and convenience improvements to the Juice Shop CTF-extension
- Updated project roadmap for OWASP Juice Shop and its CTF-extension
To keep the high release stability and overall quality of OWASP Juice Shop the contribution rules of the project apply for the summit results as well:
- Code follows existing style guides and passes all existing quality gates regarding code smells, test coverage etc.
- Each challenge comes with fully functional unit and integration tests
- Each challenge is verified to be exploitable by corresponding end-to-end tests
The target audience for this Working Session is:
- Web developers (Knowledge of Angular 1.x would be great but is not mandatory)
- Web designers (the vulnerable features will at least look good)
- CTFd project team and contributors
- Security professionals
Related Working Session(s)
- Evaluation/Optimization/Creation of Training Slides
- Hackathon Daily Sessions
- Teaching Attacker perspective to Developers
Back to list of all Working Sessions and Tracks
Edit this page here