Latest revision as of 09:45, 15 October 2019

We have fully migrated to the new OWASP Website! Please visit our new project page at

www-project-juice-shop

@@ Line 1: / Line 1: @@
-=Main=
+We have fully migrated to the new OWASP Website! Please visit our new project page at
+= https://www2.owasp.org/www-project-juice-shop =
-<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
-{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
-| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
-== OWASP Juice Shop Tool Project ==
-''| The most trustworthy online shop out there.'' ([https://twitter.com/dschadow/status/706781693504589824 dschadow])
-OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire [[OWASP Top Ten]] and other severe security flaws.
-==Description==
-[[File:JuiceShop_Logo.png|left]]
-Juice Shop is written in Node.js, Express and AngularJS. It was the first application written entirely in JavaScript listed in the [[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP VWA Directory]].
-The application contains 28+ challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. The hacking progress is tracked on a score board. Finding this score board is actually one of the (easy) challenges!
-Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a benchmark to check how well their tools cope with Javascript-heavy application frontends and REST APIs.
-''| Translating "dump" or "useless outfit" into German yields "Saftladen" which can be reverse-translated word by word into "juice shop". Hence the project name. That the initials "JS" match with those of "Javascript" was purely coincidental!''
-== Main Selling Points ==
-* [https://github.com/bkimminich/juice-shop#setup Easy-to-install]: Requires nothing but [http://nodejs.org node.js] or [https://www.docker.com Docker] to run on Windows/Mac/Linux
-* Self-contained: Additional dependencies are pre-packaged or will be resolved and downloaded automatically
-* Self-healing: The simple SQLite database is wiped and regenerated from scratch on every server startup
-* Gamification: On a Score Board the application keeps track of successfully exploited vulnerabilities
-* Free and Open source: Licensed under the [https://github.com/bkimminich/juice-shop/blob/master/LICENSE MIT license] with no hidden costs or caveats
-== Application Architecture ==
-[[File:Architektur_JuiceShop.png]]
-== Screenshots ==
-[[File:Juiceshop_screenshot1.jpg]] [[File:Juiceshop_screenshot2.jpg]] [[File:Juiceshop_screenshot3.jpg]] [[File:Juiceshop_screenshot4.jpg]]
-<!-- TODO: Re-upload screenshots in full resolution and re-enable gallery when the image problems with the Wiki are solved
-<gallery>
-File:Juiceshop_screenshot1.jpg
-File:Juiceshop_screenshot2.jpg
-File:Juiceshop_screenshot3.jpg
-File:Juiceshop_screenshot4.jpg
-</gallery>
--->
-==Licensing==
-This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/bkimminich/juice-shop/blob/master/LICENSE MIT License]. OWASP Juice Shop and any contributions are Copyright &copy; by [[User:Bjoern Kimminich|Bjoern Kimminich]] 2014-2016.
-| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
-<paypal>Juice Shop</paypal>
-== Installation ==
-[https://github.com/bkimminich/juice-shop/releases/latest Packaged Distributions]
-[https://registry.hub.docker.com/u/bkimminich/juice-shop/ Docker Image]
-[https://juice-shop.herokuapp.com/ Online Demo (Heroku)]
-== Source Code ==
-[https://github.com/bkimminich/juice-shop GitHub Project]
-[https://github.com/bkimminich/juice-shop/commits/master Revision History]
-== Support ==
-[https://github.com/bkimminich/juice-shop/blob/master/README.md Documentation]
-[https://gitter.im/bkimminich/juice-shop Chat]
-[https://github.com/bkimminich/juice-shop/issues Issue Tracker]
-== Media ==
-[http://bkimminich.github.io/juice-shop Introduction Slide Deck]
-[http://juice-shop-lightning-talk.kimminich.de Lightning Talk Slides]
-[https://www.youtube.com/watch?v=vdnmR9RVspg Auto-Hacking Video]
-== Merchandise ==
-Apparel ([http://shop.spreadshirt.com/juiceshop US]/[http://shop.spreadshirt.de/juiceshop DE])
-[https://www.stickermule.com/user/1070702817/stickers Stickers]
-== Project Leader ==
-[[User:Bjoern Kimminich|Bjoern Kimminich]] [mailto:bjoern.kimminich@owasp.org @]
-== Related Projects ==
-* [[OWASP Security Shepherd|OWASP Security Shepherd]]
-* [[OWASP WebGoat Project|OWASP WebGoat Project]]
-==Miscellaneous==
-[https://www.openhub.net/p/juice-shop OpenHub Project]
-==Classifications==
-   {| width="200" cellpadding="2"
-   |-
-   | colspan="2" align="center"  | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
-   |-
-   | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
-   | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
-   |-
-   | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
-   |}
-|}
-= Acknowledgements =
-==Contributors==
-The OWASP Juice Shop is developed by a worldwide team of volunteers. A live update of project [https://github.com/bkimminich/juice-shop/graphs/contributors contributors is found here].
-= Road Map and Getting Involved =
-Juice Shop is already implemented, properly tested and [https://github.com/bkimminich/juice-shop#blog-links has been promoted] and [https://github.com/bkimminich/juice-shop#conferences-and-meetups demonstrated or live-hacked on various occasions including OWASP events]. It has been successfully used by different companies for inhouse security trainings.
-==Roadmap==
-===Functional Enhancements in 2.x===
-* [https://github.com/bkimminich/juice-shop/labels/bug fix known bugs]
-* continually adding more features/vulnerabilities to the application
-===Technical Evolution in 2.x===
-* migrate to Angular 2 (see https://github.com/bkimminich/juice-shop/issues/165)
-* migrate to latest Sequelize version (see https://github.com/bkimminich/juice-shop/issues/167)
-** requires to replace the discontinued sequelize-restful module
-* migrate to Jasmine 2 and Frisby 2 test frameworks (see https://github.com/bkimminich/juice-shop/issues/164)
-===Vision for [https://github.com/bkimminich/juice-shop/milestone/1 Juice Shop 3.0]===
-* Add a CTF-mode to use Juice Shop in classroom setups competitively (see https://github.com/bkimminich/juice-shop/issues/166)
-==Getting Involved==
-Involvement in the development and promotion of OWASP Juice Shop is actively encouraged!
-You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:
-* use Juice Shop in your own hacker or awareness trainings
-* use Juice Shop as a "guinea pig" for your security tools
-* provide ideas for new vulnerabilities and challenges
-* provide feedback via [mailto:bjoern.kimminich@owasp.org email], [https://gitter.im/bkimminich/juice-shop chat] or by [https://github.com/bkimminich/juice-shop/issues opening an issue]
-__NOTOC__ <headertabs />
-[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Tool]]

Difference between revisions of "OWASP Juice Shop Project"

Latest revision as of 09:45, 15 October 2019

https://www2.owasp.org/www-project-juice-shop

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools