Juice Shop's call to pre-summit action


I am organizing the Juice Shop track around “the most trustworthy online shop out there.” To get the most out of the summit for the project, I would like to give you some background on the session agenda and its intended outcome:

I’ve been assembling all existing ideas and requests for new hacking challenges under a GitHub milestone named OWASP Summit Challenge Pack 2017. There are other interesting things to implement for the Juice Shop project than just hacking challenges, e.g. enhancements to the CTF-extension command line tool! 🚩

The ultimate goal of the Juice Shop working session is to drive the implementation of as many challenges & other enhancements as possible and have them released by the end of the summit on June 16th. 🏁

As many other interesting and promising working sessions compete for your attention on the summit schedule, here are some ideas how we can achieve this goal together:

  1. If you didn’t already, please sign up as a participant for the working session via a GitHub Pull Request to either your participant file or the working session files! ✍
  2. Go through the issues of the OWASP Summit Challenge Pack 2017 and comment on them with your design & implementation ideas! 📐
  3. Create new issues with your own fresh challenge ideas! Provide as much background on the underlying vulnerability/risk you want to see represented in the Juice Shop! 💡
  4. Make sure you have read the contribution guideline before you start any work! 📃
  5. Fork and clone https://github.com/bkimminich/juice-shop, pick any issue from GitHub and start coding before the summit begins! 🍴 If you need help, just ping me via email!

The tasks 1-4 are somewhat mandatory for working session participants, because without this kind of preparation it’d be next to impossible to be productive. Task 5 is nice to have, because we can sure do the coding in the evening(s), but the more we get done beforehand, the more time we have to attend other sessions!

And if you are not a programmer? Please still join the working session as an attack path engineer 🏹 or a challenge beta-tester 🐛 or maybe you want to help as a solution editor 📓 by updating the Pwning OWASP Juice Shop companion guide ebook with hints & solutions to the new challenges?

Btw, the Juice Shop working session is exceptionally well-suited for remote participation, as you can of course implement changes at home while the on-site participants do the same in the evening session(s)! 🏡

Finally, I would like to advertise some related working sessions from the “Education” track which might be interesting for you as well: