|
|
(304 intermediate revisions by 3 users not shown) |
Line 1: |
Line 1: |
− | =Main=
| + | We have fully migrated to the new OWASP Website! Please visit our new project page at |
− | | + | = https://www2.owasp.org/www-project-juice-shop = |
− | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
| |
− | | |
− | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| |
− | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
| |
− | | |
− | == OWASP Juice Shop Tool Project ==
| |
− | | |
− | OWASP Juice Shop is an intentionally insecure webapp for pentesting & security awareness trainings written entirely in Javascript. Its vulnerabilities encompass the entire [[OWASP Top Ten|OWASP Top Ten]] as well as business logic bugs and other severe programming mistakes.
| |
− | | |
− | ==Description==
| |
− | | |
− | [[File:JuiceShop_Logo.png|left]]
| |
− | Juice Shop is written in Node.js, Express and AngularJS. It is the first application written entirely in JavaScript listed in the [[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP VWA Directory]]. It also seems to be the first broken web app that uses the currently popular architecture of a Single-Page-Application/Rich-Internet-Application frontend with a RESTful backend.
| |
− | | |
− | <blockquote>''Translating "dump" or "useless outfit" into German yields "Saftladen" which can be reverse-translated word by word into "juice shop". Hence the project name. That the initials "JS" match with those of "Javascript" was purely coincidental!''</blockquote>
| |
− | | |
− | The application contains 28+ challenges where the user is supposed to use certain attacks to exploit the underlying vulnerabilities. The hacking progress is tracked on a score board. (Finding the score board is actually a challenge of its own...)
| |
− | | |
− | Juice Shop can be deployed and run as a Docker container, via a packaged distribution (for some popular node.js versions) or by cloning the repository and running it directly on your node.js installation.
| |
− | | |
− | ==Licensing==
| |
− | This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/bkimminich/juice-shop/blob/master/LICENSE MIT License]. OWASP Juice Shop and any contributions are Copyright © by [[User:Bjoern Kimminich|Bjoern Kimminich]] 2014-2016.
| |
− | | |
− | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
| |
− | | |
− | == Installation ==
| |
− | | |
− | [https://github.com/bkimminich/juice-shop/releases/latest Packaged Distributions]
| |
− | | |
− | [https://registry.hub.docker.com/u/bkimminich/juice-shop/ Docker Image]
| |
− | | |
− | [https://juice-shop.herokuapp.com/ Online Preview]
| |
− | | |
− | == Source Code ==
| |
− | | |
− | [https://github.com/bkimminich/juice-shop GitHub Project]
| |
− | | |
− | [https://github.com/bkimminich/juice-shop/commits/master Revision History]
| |
− | | |
− | == Support ==
| |
− | | |
− | [https://github.com/bkimminich/juice-shop/blob/master/README.md Documentation]
| |
− | | |
− | [https://gitter.im/bkimminich/juice-shop Chat]
| |
− | | |
− | [https://github.com/bkimminich/juice-shop/issues Issue Tracker]
| |
− | | |
− | == Media ==
| |
− | | |
− | [http://bkimminich.github.io/juice-shop Introduction Presentation]
| |
− | | |
− | [https://www.youtube.com/watch?v=vdnmR9RVspg Auto-Hacking Video]
| |
− | | |
− | == Project Leader ==
| |
− | | |
− | | |
− | == Related Projects ==
| |
− | | |
− | * [[OWASP Security Shepherd|OWASP Security Shepherd]]
| |
− | * [[OWASP WebGoat Project|OWASP WebGoat Project]]
| |
− | | |
− | ==Classifications==
| |
− | | |
− | {| width="200" cellpadding="2"
| |
− | |-
| |
− | | colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
| |
− | |-
| |
− | | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| |
− | | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
| |
− | |-
| |
− | | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
| |
− | |}
| |
− | | |
− | |}
| |
− | | |
− | = Acknowledgements =
| |
− | ==Contributors==
| |
− | | |
− | The OWASP Juice Shop is developed by a worldwide team of volunteers. A live update of project [https://github.com/bkimminich/juice-shop/graphs/contributors contributors is found here].
| |
− | | |
− | = Road Map and Getting Involved =
| |
− | | |
− | Juice Shop is already implemented, properly tested and [https://github.com/bkimminich/juice-shop#blog-links has been promoted] and [https://github.com/bkimminich/juice-shop#conferences-and-meetups demonstrated or live-hacked on various occasions including OWASP events]. It has been successfully used by different companies for inhouse security trainings.
| |
− | | |
− | ==Roadmap==
| |
− | | |
− | * [https://github.com/bkimminich/juice-shop/issues fix known bugs]
| |
− | * continually adding more features/vulnerabilities to the application
| |
− | * stabilization of the underlying architecture, e.g.
| |
− | ** migrating to Angular 2
| |
− | ** migrate to latest Sequelize version (requires to replace the discontinued sequelize-restful module)
| |
− | ** migrate to Jasmine 2 and Frisby 2 test frameworks
| |
− | | |
− | | |
− | ==Getting Involved==
| |
− | | |
− | Involvement in the development and promotion of OWASP Juice Shop is actively encouraged!
| |
− | You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:
| |
− | | |
− | * use Juice Shop in your own hacker or awareness trainings
| |
− | * provide ideas for new challenges to be added
| |
− | * provide feedback via email, chat or by opening an issue on GitHub
| |
− | | |
− | __NOTOC__ <headertabs />
| |
− | | |
− | [[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]
| |
We have fully migrated to the new OWASP Website! Please visit our new project page at