An intentionally insecure Javascript Web Application
The most trustworthy online shop out there (@dschadow)
https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
Project Summit 2017 intro by Björn Kimminich / @bkimminich
Translating "dump" or "useless outfit" into German yields "Saftladen" which can be reverse-translated word by word into "juice shop". Hence the project name.
That the initials "JS" match with those of "Javascript" was purely coincidental!
Comes with cloud, local and containerized run options
Full UI translation available for 16+ languages
Covering various vulnerabilities and serious design flaws
OWASP Juice Shop covers all vulnerabilities from the latest OWASP Top 10 and more.
Contains low-hanging fruits & hard-to-crack nuts
Challenge progress is tracked on server-side
Solved challenges are announced as push notifications
Conveniently save your hacking progress to restore it later
Utility project to help you host a hacking event on CTFd
npm i -g juice-shop-ctf-cli
Run juice-shop-ctf on the command line and let a wizard create SQL statements to apply to CTFd's database
Your CTFd instance will be ready-to-hack in minutes
Fully customizable business context and look & feel
Customize the application via a simple YAML file
server:
  port: 3000
application:
  domain: juice-sh.op
  name: "OWASP Juice Shop"
  logo: JuiceShop_Logo.png
  favicon: favicon_v2.ico
  numberOfRandomFakeUsers: 0
  showChallengeSolvedNotifications: true
  showCtfFlagsInNotifications: false
  showGitHubRibbon: true
  theme: "slate"
  twitterUrl: "https://twitter.com/owasp_juiceshop"
  facebookUrl: "https://www.facebook.com/owasp.juiceshop"
  products: []
Eat your own dog food: The Juice Shop default look & feel is declared in default.yml
The YAML configuration allows you to override all products
products:
  - name: "Product Name"
    price: 100
    description: "Product Description"
    image: "(https://somewhe.re/)image.png"
    useForProductTamperingChallenge: false
    useForChristmasChallenge: false
Too much effort? Just declare the name and the app will generate the rest randomly!
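Added example, not code from the Juice Shop project: how a custom YAML file overrides default.yml key by key and how a product declared with only a name gets its remaining fields generated. The parsed objects are constructed inline (a YAML parser such as js-yaml would produce them); the merge logic, the price generator and the placeholder values are assumptions for illustration.

```javascript
// Added example, not Juice Shop's own code: a custom YAML overrides default.yml
// key by key, and a product declared with only a name gets the rest generated.
// Objects are constructed inline (a YAML parser such as js-yaml would produce
// them); the generator and placeholder values are assumptions.
const DEFAULTS = { // constructed subset of the slide's default.yml
  server: { port: 3000 },
  application: {
    domain: 'juice-sh.op',
    name: 'OWASP Juice Shop',
    showCtfFlagsInNotifications: false,
    products: []
  }
};
const CUSTOM = { // constructed custom config overriding a few keys
  application: {
    name: 'Fruit Press',
    showCtfFlagsInNotifications: true,
    products: [
      { name: 'Apple Juice', price: 1.99, useForProductTamperingChallenge: true },
      { name: 'Orange Juice' } // name only: remaining fields are generated
    ]
  }
};
const isPlainObject = v => v !== null && typeof v === 'object' && !Array.isArray(v);

// Overlay custom on defaults without mutating either; arrays (products) replace wholesale.
function mergeConfig(defaults, custom) {
  const out = { ...defaults };
  for (const [k, v] of Object.entries(custom)) {
    out[k] = isPlainObject(v) && isPlainObject(defaults[k]) ? mergeConfig(defaults[k], v) : v;
  }
  return out;
}

// Fill what a name-only product lacks; rng is injectable so results can be checked.
function completeProduct(p, rng = Math.random) {
  return {
    name: p.name,
    price: p.price ?? Math.round(rng() * 9900 + 100) / 100, // assumed range 1.00..100.00
    description: p.description ?? `${p.name} (generated description)`,
    image: p.image ?? 'placeholder.png', // assumed placeholder file name
    useForProductTamperingChallenge: p.useForProductTamperingChallenge ?? false,
    useForChristmasChallenge: p.useForChristmasChallenge ?? false
  };
}

function loadConfig(defaults, custom, rng) {
  const cfg = mergeConfig(defaults, custom);
  cfg.application.products = cfg.application.products.map(p => completeProduct(p, rng));
  return cfg;
}
```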
Javascript all the way from UI to REST API
Maximizing Test Automation & Code Coverage
Automated Continuous Integration & Demo Deployment
Timeline? When it's done!
Timeline? Today & tomorrow!
Licensed under the MIT license.
Created with reveal.js - The HTML Presentation Framework