Track: | Owasp Projects |
---|---|
When: | Wed PM-3 |
Where: | Owasp Projects |
Organizers: | Timo Pagel, Jannik Hollenbach |
Why
OWASP Juice Shop Project is an intentionally insecure web app for security training, written entirely in JavaScript, that encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is built with Node.js, Express, and AngularJS. The application contains more than 30 challenges of varying difficulty in which the user should exploit the underlying vulnerabilities. Apart from being useful for hacker and awareness training, Juice Shop can also serve as a “guinea pig” application for pentesting proxies and security scanners, to check how well these tools cope with JavaScript-heavy application frontends and REST APIs.
What
Ideas for potential new hacking challenges are currently collected in the OWASP Summit Challenge Pack 2018 milestone on GitHub. In this working session we will brainstorm and design many of the existing, and hopefully several entirely new, challenges that will be implemented by on-site and remote participants in the sessions.
We will also consider planned functional enhancements of the Juice Shop CTF-extension and its improved integration with CTFd and/or FBCTF.
Outcomes
This working session will gather, discuss and design the following:
- GitHub issues for several new challenges in OWASP Juice Shop
- GitHub issues for new functional enhancements to place challenges in
- Communication with the GSoC Juice-Shop students
Synopsis and Takeaways
- Preparation of some user stories and new hacking challenges for the Juice Shop
- Creation of new ideas to implement in the evening sessions
- Went through GitHub issue list and decided what could be implemented whilst at Summit.
Who
The target audience for this Working Session is:
- Security professionals
- Trainers, instructors
- Developers
Working materials
- Project Roadmap
- GitHub issues in OWASP Summit 2017 Challenge Pack
- Enhancement-issues on GitHub for Juice Shop CTF-Extension
Register as participant
To register as participant add Juice Shop Brainstorming to either:
- the sessions metadata field from your participant's page (find your participant page and look for the edit link).
- or the participants metadata field from this git session page