Track: | Owasp Projects |
---|---|
When: | Thu AM-1,PM-1,PM-2,PM-3 |
Where: | Owasp Projects |
Organizers | Timo Pagel, Jannik Hollenbach |
Participants | Peter Turczak |
Remote Participants | Adarsh D, Nicholas Tait |
Why
OWASP Juice Shop is an intentionally insecure web app for security training, written entirely in JavaScript, that encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express, and AngularJS. The application contains more than 30 challenges of varying difficulty in which the user is supposed to exploit the underlying vulnerabilities. Apart from being useful for hacker and awareness training, Juice Shop can also serve as a “guinea pig” application for pentesting proxies and security scanners, to check how well these tools cope with JavaScript-heavy application frontends and REST APIs.
What
☀-hands-on coding session series to implement the OWASP Summit Working Session Pack 2018 and other functional enhancements to the web application & CTF-extension identified in the Juice Shop session!
Outcomes
This working session will implement the following:
- Several new challenges for OWASP Juice Shop
- Functional and convenience improvements to the Juice Shop CTF-extension
To keep the high release stability and overall quality of OWASP Juice Shop the contribution rules of the project apply for the summit results as well:
- Code follows existing style guides and passes all existing quality gates regarding code smells, test coverage etc.
- Each challenge comes with fully functional unit and integration tests
- Each challenge is verified to be exploitable by corresponding end-to-end tests
Who
The target audience for this Working Session is:
- JavaScript developers (Knowledge of Node.js would be great but is not mandatory)
- Web developers (Knowledge of Angular 1.x would be great but is not mandatory)
- Web designers (the vulnerable features will at least look good)
- Hint/solution/documentation editors (Basic Markdown knowledge would be nice but is not mandatory)
Remote Participants
This working session is particularly well-suited for remote participants. All you have to do is let the on-site participants know which challenges or features you want to work on in order to avoid duplicate work! Then it’s up to you:
Fork, clone, code, submit PRs!
All that at your own speed and on your own schedule!
Working materials
- GitHub issues in OWASP Summit 2017 Challenge Pack
- Enhancement-issues on GitHub for Juice Shop CTF-Extension
- OWASP Juice Shop Contribution Guidelines
Register as participant
To register as participant add `Juice Shop Coding Day` to either:
- the `sessions` metadata field from your participant's page (find your participant page and look for the edit link)
- or the `participants` metadata field from this git session page