Latest revision as of 09:45, 15 October 2019

We have fully migrated to the new OWASP Website! Please visit our new project page at

www-project-juice-shop

@@ Line 1: / Line 1: @@
-=Main=
+We have fully migrated to the new OWASP Website! Please visit our new project page at
+= https://www2.owasp.org/www-project-juice-shop =
-<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
-{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
-| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
-== OWASP Juice Shop Tool Project ==
-OWASP Juice Shop is an intentionally insecure webapp for pentesting & security awareness trainings written entirely in Javascript. Its vulnerabilities encompass the entire [[OWASP Top Ten|OWASP Top Ten]] as well as business logic bugs and other severe programming mistakes.
-==Description==
-Juice Shop is written in Node.js, Express and AngularJS. It is the first application written entirely in JavaScript listed in the [[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP VWA Directory]]. It also seems to be the first broken web app that uses the currently popular architecture of a Single-Page-Application/Rich-Internet-Application frontend with a RESTful backend.
-<blockquote>''Translating "dump" or "useless outfit" into German yields "Saftladen" which can be reverse-translated word by word into "juice shop". Hence the project name. That the initials "JS" match with those of "Javascript" was purely coincidental!''</blockquote>
-The application contains 28+ challenges where the user is supposed to use certain attacks to exploit the underlying vulnerabilities. The hacking progress is tracked on a score board. (Finding the score board is actually a challenge of its own...)
-Juice Shop can be deployed and run as a Docker container, via a packaged distribution (for some popular node.js versions) or by cloning the repository and running it directly on your node.js installation.
-==Licensing==
-This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/bkimminich/juice-shop/blob/master/LICENSE MIT License]. OWASP Juice Shop and any contributions are Copyright &copy; by [[User:Bjoern Kimminich|Bjoern Kimminich]] 2014-2016.
-| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
-== Installation ==
-[https://github.com/bkimminich/juice-shop/releases/latest Packaged Distributions]
-[https://registry.hub.docker.com/u/bkimminich/juice-shop/ Docker Image]
-[https://juice-shop.herokuapp.com/ Online Preview]
-== Source Code ==
-[https://github.com/bkimminich/juice-shop GitHub Project]
-[https://github.com/bkimminich/juice-shop/commits/master Revision History]
-== Support ==
-[https://github.com/bkimminich/juice-shop/blob/master/README.md Documentation]
-[https://gitter.im/bkimminich/juice-shop Chat]
-[https://github.com/bkimminich/juice-shop/issues Issue Tracker]
-== Media ==
-[http://bkimminich.github.io/juice-shop Introduction Presentation]
-[https://www.youtube.com/watch?v=vdnmR9RVspg Auto-Hacking Video]
-== Project Leader ==
-[[User:Bjoern Kimminich|Bjoern Kimminich]] [mailto:bjoern.kimminich@owasp.org @]
-== Related Projects ==
-* [[OWASP Security Shepherd|OWASP Security Shepherd]]
-* [[OWASP WebGoat Project|OWASP WebGoat Project]]
-==Classifications==
-   {| width="200" cellpadding="2"
-   |-
-   | colspan="2" align="center"  | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
-   |-
-   | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
-   | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
-   |-
-   | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
-   |}
-|}
-= Acknowledgements =
-==Contributors==
-The OWASP Juice Shop is developed by a worldwide team of volunteers. A live update of project [https://github.com/bkimminich/juice-shop/graphs/contributors contributors is found here].
-= Road Map and Getting Involved =
-Juice Shop is already implemented, properly tested and [https://github.com/bkimminich/juice-shop#blog-links has been promoted] and [https://github.com/bkimminich/juice-shop#conferences-and-meetups demonstrated or live-hacked on various occasions including OWASP events]. It has been successfully used by different companies for inhouse security trainings.
-==Roadmap==
-* [https://github.com/bkimminich/juice-shop/issues fix known bugs]
-* continually adding more features/vulnerabilities to the application
-* stabilization of the underlying architecture, e.g.
-** migrating to Angular 2
-** migrate to latest Sequelize version (requires to replace the discontinued sequelize-restful module)
-** migrate to Jasmine 2 and Frisby 2 test frameworks
-==Getting Involved==
-Involvement in the development and promotion of OWASP Juice Shop is actively encouraged!
-You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:
-* use Juice Shop in your own hacker or awareness trainings
-* provide ideas for new challenges to be added
-* provide feedback via email, chat or by opening an issue on GitHub
-__NOTOC__ <headertabs />
-[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Tool]]

Difference between revisions of "OWASP Juice Shop Project"

Latest revision as of 09:45, 15 October 2019

https://www2.owasp.org/www-project-juice-shop

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools