OWASP Juice Shop

5.x and beyond

German OWASP Day-Update 2017

by Björn Kimminich / @bkimminich

https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

Logo Facelift (💅)

💅 Because: What could be more important, right? Right?!

Maturity Promotion (🎓)

 Lab  Project 

🎓 Review was finalized at the Project Summit during AppSecEU

Stats, Stats & Stats (📈)


Juice Shop

Stats, Stats & Stats (📈)


Juice Shop

Security Questions (🐹)

🐹 Find out in three new challenges what can go wrong with these fantastic security questions added with 4.x

NoSQL Database (📃)

📃 With MarsDB as an additional NoSQL datastore two new challenges came in with 5.x

Typosquatting (🔤)

🔤 Two new challenges from 5.x explain how to trick those with a weak mind (but quick fingers)

More Languages (🌏)



🌏 Full UI translation available for 17+ languages

Less Dockerfile (📦)

📦 Less meaning reduced image size from 900 to 300 MB

≈500 LeanPub Readers (📖)

📖 Find helpful hints in the official companion guide eBook

Google Summer of Code (💔)

💔 OWASP unfortunately was not selected as an organization for GSoC 2017

OWASP Summit (💚)

💚 At OWASP Summit 2017 there were coding & threat modelling sessions in a dedicated track & villa

Logo Variation (🎨)

🎨 But, why create this "Capri-Sun-accidentally-pierced-by-straw"-inspired logo?

CTF Extension (🚩)

🚩 Use juice-shop-ctf-cli to set up an event on CTFd in 5min

Frictionless CTFs (🚀)

🚀 Participants use individual server instances anywhere, sharing only a flag code-ctfKey & central score server

Re-branding (🎭)

🎭 Fully customizable business context and look & feel for maximum immersion

Upcoming Release 6.x (🔮)

  • Two new 🍪JWT-related vulnerabilities...
    • ...bringing the total to ≥48 challenges
  • Overhaul of the 📍Object-Relational-Mapping...
    • ...and all generated parts of the API
    • ...fixing our two oldest open 🐛bugs along the way
  • Node.js 8.x is the 🆕recommended version...
    • ...but 6.x will continue to work as well
    • ...and on the 🔥-new 9.x it also runs smoothly

Beyond Release 6.x (🌌)

  • Frontend update to 🍭Angular ≥5...
    • ...or something completely different
  • Participate in 🌻Google Summer of Code 2018...
    • ...given OWASP is selected next year
  • Get Juice Shop 🍾promoted to  Flagship  Project ...
    • ...at some point in its lifecycle

Special Thanks (💖)


Josh Grossman
(CTFd SQLs🚩 / JWT🍪)

Timo Pagel
(Re-Branding🎭 / Loud XSS-Demo🎶)

Jannik Hollenbach
(NoSQL📃 / CTF🌟 / Docker📦 / ORM+📍)

Special Thanks (💖)


Josh Grossman
(CTFd SQLs🚩 / JWT🍪)

Timo Pagel
(Re-Branding🎭 / Loud XSS-Demo🎶)

Jannik Hollenbach
(NoSQL📃 / CTF🌟 / Docker📦 / ORM+📍)

Very Special Thanks (💝)

💝 3D-printed Keychain by Viktor Lindström

Very Special Thanks (💝)

💝 3D-printed Keychain by Viktor Lindström

Finally: Thanks to you for 👂!


Copyright (c) 2017 Björn Kimminich

Licensed under the MIT license.


Created with reveal.js - The HTML Presentation Framework

Finally: Thanks to you for 👂!


Copyright (c) 2017 Björn Kimminich

Licensed under the MIT license.


Created with reveal.js - The HTML Presentation Framework

Fork reveal.js on GitHub