This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Juice Shop Project"

From OWASP
Jump to: navigation, search
(Description)
(Replace entire content with link to new website at https://www2.owasp.org/www-project-juice-shop)
 
(304 intermediate revisions by 3 users not shown)
Line 1: Line 1:
=Main=
+
We have fully migrated to the new OWASP Website! Please visit our new project page at
 
+
= https://www2.owasp.org/www-project-juice-shop =
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
 
 
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
 
 
== OWASP Juice Shop Tool Project ==
 
 
 
OWASP Juice Shop is an intentionally insecure webapp for pentesting & security awareness trainings written entirely in Javascript. Its vulnerabilities encompass the entire [[OWASP Top Ten|OWASP Top Ten]] as well as business logic bugs and other severe programming mistakes.
 
 
 
==Description==
 
 
 
[[File:JuiceShop_Logo.png|left]]
 
Juice Shop is written in Node.js, Express and AngularJS. It is the first application written entirely in JavaScript listed in the [[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP VWA Directory]]. It also seems to be the first broken web app that uses the currently popular architecture of a Single-Page-Application/Rich-Internet-Application frontend with a RESTful backend.
 
 
 
<blockquote>''Translating "dump" or "useless outfit" into German yields "Saftladen" which can be reverse-translated word by word into "juice shop". Hence the project name. That the initials "JS" match with those of "Javascript" was purely coincidental!''</blockquote>
 
 
 
The application contains 28+ challenges where the user is supposed to use certain attacks to exploit the underlying vulnerabilities. The hacking progress is tracked on a score board. (Finding the score board is actually a challenge of its own...)
 
 
 
Juice Shop can be deployed and run as a Docker container, via a packaged distribution (for some popular node.js versions) or by cloning the repository and running it directly on your node.js installation.
 
 
 
==Licensing==
 
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/bkimminich/juice-shop/blob/master/LICENSE MIT License]. OWASP Juice Shop and any contributions are Copyright &copy; by [[User:Bjoern Kimminich|Bjoern Kimminich]] 2014-2016. 
 
 
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 
 
 
== Installation ==
 
 
 
[https://github.com/bkimminich/juice-shop/releases/latest Packaged Distributions]
 
 
 
[https://registry.hub.docker.com/u/bkimminich/juice-shop/ Docker Image]
 
 
 
[https://juice-shop.herokuapp.com/ Online Preview]
 
 
 
== Source Code ==
 
 
 
[https://github.com/bkimminich/juice-shop GitHub Project]
 
 
 
[https://github.com/bkimminich/juice-shop/commits/master Revision History]
 
 
 
== Support ==
 
 
 
[https://github.com/bkimminich/juice-shop/blob/master/README.md Documentation]
 
 
 
[https://gitter.im/bkimminich/juice-shop Chat]
 
 
 
[https://github.com/bkimminich/juice-shop/issues Issue Tracker]
 
 
 
== Media ==
 
 
 
[http://bkimminich.github.io/juice-shop Introduction Presentation]
 
 
 
[https://www.youtube.com/watch?v=vdnmR9RVspg Auto-Hacking Video]
 
 
 
== Project Leader ==
 
[[User:Bjoern Kimminich|Bjoern Kimminich]] [mailto:[email protected] @]
 
 
 
== Related Projects ==
 
 
 
* [[OWASP Security Shepherd|OWASP Security Shepherd]]
 
* [[OWASP WebGoat Project|OWASP WebGoat Project]]
 
 
 
==Classifications==
 
 
 
  {| width="200" cellpadding="2"
 
  |-
 
  | colspan="2" align="center"  | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
 
  |-
 
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
 
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] 
 
  |-
 
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
 
  |}
 
 
 
|}
 
 
 
= Acknowledgements =
 
==Contributors==
 
 
 
The OWASP Juice Shop is developed by a worldwide team of volunteers. A live update of project [https://github.com/bkimminich/juice-shop/graphs/contributors contributors is found here].
 
 
 
= Road Map and Getting Involved =
 
 
 
Juice Shop is already implemented, properly tested and [https://github.com/bkimminich/juice-shop#blog-links has been promoted] and [https://github.com/bkimminich/juice-shop#conferences-and-meetups demonstrated or live-hacked on various occasions including OWASP events]. It has been successfully used by different companies for inhouse security trainings.
 
 
 
==Roadmap==
 
 
 
* [https://github.com/bkimminich/juice-shop/issues fix known bugs]
 
* continually adding more features/vulnerabilities to the application
 
* stabilization of the underlying architecture, e.g.
 
** migrating to Angular 2
 
** migrate to latest Sequelize version (requires to replace the discontinued sequelize-restful module)
 
** migrate to Jasmine 2 and Frisby 2 test frameworks
 
 
 
 
 
==Getting Involved==
 
 
 
Involvement in the development and promotion of OWASP Juice Shop is actively encouraged!
 
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:
 
 
 
* use Juice Shop in your own hacker or awareness trainings
 
* provide ideas for new challenges to be added
 
* provide feedback via email, chat or by opening an issue on GitHub
 
 
 
__NOTOC__ <headertabs />
 
 
 
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Tool]]
 

Latest revision as of 09:45, 15 October 2019

We have fully migrated to the new OWASP Website! Please visit our new project page at

https://www2.owasp.org/www-project-juice-shop