OWASP Juice Shop Introduction

Notable logs from the chat during the session

17:21:39 From Jannik : Fun Fact: The Hacking Instructor was merged during last year’s Open Security Summit :slightly_smiling_face: 17:36:48 From Rusty : He’s using this framework
17:36:49 From Rusty : https://github.com/bkimminich/juice-shop-ctf/releases/tag/v8.1.0
17:51:16 From N/A : Bjorn (sorry no umlaut on my keyboard :) ) is there any official walkthrough with all vulnerabilities and how to exploit them?
I’m asking this because sometimes, due to lack of time all I want is to spin a juice shop container and test/train a particular vulnerability.

About this talk:

In this introduction session to OWASP Juice Shop

• we will take a quick tour through the OWASP flagship project that claims to be “probably the most sophisticated vulnerable web application!”

• Starting with a “happy path” shopping tour we will then learn what security flaws lurk beneath the shiny web UI surface!

• You will also learn about the CTF support, hacking instructor scripts, tutorial mode, dos and don’ts and some technical background of the project!

_Note: The theming and integration capabilities as well as the MultiJuicer project will only be covered very briefly, as they both have their own user sessions during the main summit week!

Please register for:

• OWASP Juice Shop Deep Dive: Theming and/or

• OWASP Juice Shop Deep Dive: Integration and/or

• OWASP Juice Shop Deep Dive: MultiJuicer if you want to learn more!