OWASP Juice Shop Project
OWASP Juice Shop Tool Project
The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. The hacking progress is tracked on a score board. Finding this score board is actually one of the (easy) challenges!
Main Selling Points
This recording from a public lecture on 24.10.2018 at the TalTech Infotehnoloogia Kolledž in Tallinn gives an introduction to the OWASP Juice Shop and a live demonstration of the application and how to hack it.
Spoiler warning: The video contains some live hacking including solutions to a few of the challenges!
Official Companion Guide
Pwning OWASP Juice Shop is the official companion guide for this project. It gives a complete overview of the vulnerabilities found in the application, including hints on how to spot and exploit them. The appendix contains complete step-by-step solutions to every challenge. The ebook is published under CC BY-NC-ND 4.0 and is available for free as a work in progress in HTML, PDF, Kindle and ePub format on GitBook. The latest officially released edition is available for free on LeanPub in PDF, Kindle and ePub format.
[30.11.18] juice-shop-ctf v5.0.1
[30.11.18] juice-shop v8.1.1
[27.11.18] juice-shop v8.1.0
[15.11.18] juice-shop v8.0.2
[14.11.18] juice-shop v8.0.1
[10.11.18] juice-shop v8.0.0
|Jeroen Willemsen|Soron Foster|
|Bendik Mjaaland|Timo Pagel|
|Benjamin Pfänder|Björn Kimminich|
All royalties of Björn Kimminich's eBook are donated to the project!
Juice Shop is already implemented and properly tested, and it has been promoted, demonstrated or live-hacked on various occasions, including OWASP events. It has been used successfully by different companies for in-house security training as well as in university lectures or published training slides.
- Release 8.x with Angular 6 and ChallengePack from GSoC 2018
- Even more responsive UI based on Material Design
- 10+ new challenges (incl. Timing Attack, Arbitrary File Write)
- Get help from a UI/UX expert for our design/layout tasks
- Hacking Instructor to guide beginners through the challenges
Involvement in the development and promotion of OWASP Juice Shop is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows: