Juice Shop Live-Release


Why

OWASP Juice Shop is an intentionally insecure web application for security training. It is written entirely in JavaScript and encompasses the entire OWASP Top Ten along with other severe security flaws. Juice Shop is built with Node.js, Express, and AngularJS. The application contains more than 30 challenges of varying difficulty in which the user is meant to exploit the underlying vulnerabilities. Apart from being useful for hacker and awareness training, Juice Shop can also serve as a “guinea pig” application for pentesting proxies and security scanners, to check how well these tools cope with JavaScript-heavy application frontends and REST APIs.

What

Live release of OWASP Juice Shop to publish all the work achieved during the summit and see Travis-CI & friends in action in the process.

While the release is underway, all the new features in v4.0.0 will be demonstrated!

Outcomes

This working session will perform a live release using the entire CI/CD stack that Juice Shop relies on:

  • Juice Shop: GitHub release, Build Status, Build status, Test Coverage, Code Climate, bitHound Overall Score, Heroku
  • CTF-Extension: GitHub release, Build Status, Dependency Status, Coverage Status, Code Climate, bitHound Overall Score

Who

The target audience for this Working Session is:

  • everyone who was involved in any Juice Shop-related session throughout the summit
  • everyone who’d like to see the power of CI/CD automation with GitHub, Travis-CI and friends

Working materials

Release commands for OWASP Juice Shop:

git checkout master
git merge develop
git tag v4.0.0 -s -m "v4.0.0"
git push --follow-tags

The rest will be done automagically by the build and deployment script for Travis-CI and a small army of GitHub webhooks.

For the CTF-Extension the commands are identical except for the version being v1.2.0.
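
Because the push triggers the automated build and deployment, it is worth checking the signed tag locally between the git tag and git push steps. The script below is an added example, not part of the Juice Shop build scripts; the function names and the file name check-release.sh are hypothetical, and it assumes the signer's public key is in the local keyring. It works the same way for the CTF-Extension with v1.2.0.

```shell
#!/bin/sh
# Added example: pre-push checks for a signed release tag (not project code).

# Reads a raw tag object (output of `git cat-file tag <name>`) on stdin.
# Succeeds only if the header names the expected tag and targets a commit,
# and the body carries a signature block.
tag_object_ok() {
  awk -v want="$1" '
    !body && /^type commit$/           { type_ok = 1 }
    !body && $1 == "tag" && $2 == want { name_ok = 1 }
    /^$/                               { body = 1 }
    body && /^-----BEGIN (PGP|SSH) SIGNATURE-----$/ { sig = 1 }
    END { exit !(type_ok && name_ok && sig) }
  '
}

# check_release TAG [RELEASE_BRANCH] [DEV_BRANCH]
check_release() {
  tag="$1"; release="${2:-master}"; dev="${3:-develop}"

  # A lightweight tag resolves to "commit"; --follow-tags pushes only
  # annotated tags, so a lightweight one would silently stay local.
  [ "$(git cat-file -t "$tag" 2>/dev/null)" = "tag" ] ||
    { echo "FAIL: $tag is missing or not an annotated tag" >&2; return 1; }

  git cat-file tag "$tag" | tag_object_ok "$tag" ||
    { echo "FAIL: $tag has no signature block or a wrong name" >&2; return 1; }

  # Cryptographic verification of the signature itself.
  git verify-tag "$tag" ||
    { echo "FAIL: signature on $tag does not verify" >&2; return 1; }

  # The tag must point at the tip of the release branch being pushed.
  [ "$(git rev-parse "$tag^{commit}")" = "$(git rev-parse "$release")" ] ||
    { echo "FAIL: $tag does not point at $release" >&2; return 1; }

  # The merge from the development branch must be complete.
  git merge-base --is-ancestor "$dev" "$release" ||
    { echo "FAIL: $dev is not fully merged into $release" >&2; return 1; }

  echo "OK: $tag is signed, verified and points at $release"
}

# Run only when a tag name is given, e.g.: sh check-release.sh v4.0.0
if [ "$#" -gt 0 ]; then check_release "$@"; fi
```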
