OWASP Juice Shop Project
OWASP Juice Shop Tool Project
The most trustworthy online shop out there. (dschadow) — The best juice shop on the whole internet! (shehackspurple) — Actually the most bug-free vulnerable application in existence! (vanderaj) — First you 😂😂then you 😢 (kramse)
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!
The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. The hacking progress is tracked on a score board. Finding this score board is actually one of the (easy) challenges!
Main Selling Points
This recording from OWASP BeNeLux-Days 2018 gives a complete introduction to the OWASP Juice Shop including a live demonstration of the application and how to hack it.
Spoiler warning: The video contains some live hacking including mild spoilers for a few of the easiest challenges!
Official Companion Guide
Pwning OWASP Juice Shop is the official companion guide for this project. It will give you a complete overview of the vulnerabilities found in the application including hints how to spot and exploit them. In the appendix you will even find complete step-by-step solutions to every challenge. The ebook is published under CC BY-NC-ND 4.0 and is available for free as work-in-progress in HTML, PDF, Kindle and ePub format on GitBook. The latest officially released edition is available for free on LeanPub in PDF, Kindle and ePub format.
[29.08.19] juice-shop v9.0.1
[26.08.19] juice-shop v9.0.0
[05.08.19] juice-shop v8.7.3
[17.06.19] juice-shop-ctf v6.1.1
[13.06.19] juice-shop v8.7.2
[07.06.19] juice-shop v8.7.1
Other Corporate Sponsors
Other Individual Sponsors
|Jeroen Willemsen||Soron Foster|
|Bendik Mjaaland||Timo Pagel|
|Benjamin Pfänder||Björn Kimminich|
|Kevin Chung||Brian Johnson|
$1,251.68 of royalties from Björn Kimminich's eBook have been donated to the project between 09/2017 and 07/2019!
Corporate-sponsored code contributions
|Panasonic Information Systems Company Europe|
You can find the current project balance along with a history of all donations and spendings in the Chapter and Project Transactions spreadsheet.
Juice Shop is already implemented, properly tested and has been promoted and demonstrated or live-hacked on various occasions including OWASP events. It has been successfully used by different companies for inhouse security trainings as well as in university lectures or published training slides.
- Challenges in the pristine features added during GSoC 2019
- More Hacking Instructor scripts for the easier challenges
- Decouple Hacking Instructor better from frontend code
Involvement in the development and promotion of OWASP Juice Shop is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows: