An intentionally insecure JavaScript Web Application
The most trustworthy online shop out there (@dschadow)
https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
Presentation by Björn Kimminich / @bkimminich
Translating "dump" or "useless outfit" into German yields "Saftladen" which can be reverse-translated word by word into "juice shop". Hence the project name.
That the initials "JS" match those of "JavaScript" was purely coincidental!
OWASP Juice Shop is the first application written entirely in JavaScript listed in the OWASP VWA Directory. It also seems to be the first broken webapp that uses the currently popular architecture of an SPA/RIA frontend with a RESTful backend.
JavaScript all the way from UI to REST API
Comes with cloud, local and containerized run options
Unsuspectingly browse the Juice Shop like Average Joe!
Covering various vulnerabilities and serious design flaws
OWASP Juice Shop covers all vulnerabilities from the latest OWASP Top 10 and more.
Contains low-hanging fruits & hard-to-crack nuts
Challenge progress is tracked on server-side
Solved challenges are announced as push notifications
I will not live-hack even a single challenge for you!
I will instead show you a prerecorded execution of the test suite automatically hacking all 27 challenges!
For details on the test suite implementation and CI integration, check out my guest post "Proving that an application is as broken as intended" on the SauceLabs Blog.
Breakers: Try to hack all the challenges!
Defenders: Let loose all your fancy tools!
Builders: Learn from my silly mistakes!
Bonus challenge: Contribute to OWASP Juice Shop with a chance for free stickers and other swag!
Licensed under the MIT license.
Created with reveal.js - The HTML Presentation Framework