Juice Shop Coding Day


Why

OWASP Juice Shop Project is an intentionally insecure webapp for security training written entirely in JavaScript and which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express, and AngularJS. The application contains more than 30 challenges of varying difficulty where the user should exploit the underlying vulnerabilities. Apart from being useful for hacker and awareness training, pentesting proxies or security scanners can also use Juice Shop as a “guinea pig” application to check how well their tools cope with JavaScript-heavy application frontends and REST APIs.

Collabocats

What

☀-hands-on coding session series to implement the OWASP Summit 2017 Challenge Pack and other functional enhancements to the web application & CTF-extension identified in the Juice Shop session!

Juice Shop logo

Outcomes

This working session will implement the following:

  • Several new challenges for OWASP Juice Shop
  • Functional enhancements to place the challenges in, e.g. the Order Dashboard and Pomace Recycling(done!)
  • Hint and solution sections for each new challenge are added to the Pwning OWASP Juice Shop e-book
  • Functional and convenience improvements to the Juice Shop CTF-extension

To keep the high release stability and overall quality of OWASP Juice Shop the contribution rules of the project apply for the summit results as well:

  • Code follows existing style guides and passes all existing quality gates regarding code smells, test coverage etc.
  • Each challenge comes with fully functional unit and integration tests
  • Each challenge is verified to be exploitable by corresponding end-to-end tests

Who

The target audience for this Working Session is:

  • JavaScript developers (Knowledge of Node.js would be great but is not mandatory)
  • Web developers (Knowledge of Angular 1.x would be great but is not mandatory)
  • Web designers (the vulnerable features will at least look good)
  • Hint/solution/documentation editors (Basic Markdown knowledge would be nice but is not mandatory)

Remote Participants

This working session is pariculartly well-suited for remote participants. All you have to do is let the on-site participants know which challenges or feature you want to work on in order to avoid duplicate work! Then it’s up to you:

Fork, clone, code, submit PRs!

All that in your own speed and schedule!


Working materials

JavaScript Style Guide

Juice Shop CTF-Extension
Build Status Build Status
Build status Coverage Status
Ready Stories Ready Stories
In Progress Stories In Progress Stories
Heroku

Content



Back to list of all Working Sessions and Tracks

Edit this page here