OWASP Juice Shop Project
OWASP Juice Shop Tool Project
- "The most trustworthy online shop out there." (dschadow)
- "The best juice shop on the whole internet!" (shehackspurple)
- "Actually the most bug-free vulnerable application in existence!" (vanderaj)
- "First you 😂😂 then you 😢" (kramse)
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!
The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. The hacking progress is tracked on a score board. Finding this score board is actually one of the (easy) challenges!
Main Selling Points
This recording from OWASP BeNeLux-Days 2018 gives a complete introduction to the OWASP Juice Shop including a live demonstration of the application and how to hack it.
Spoiler warning: The video contains some live hacking including mild spoilers for a few of the easiest challenges!
Official Companion Guide
Pwning OWASP Juice Shop is the official companion guide for this project. It gives you a complete overview of the vulnerabilities found in the application, including hints on how to spot and exploit them. In the appendix you will even find complete step-by-step solutions to every challenge. The ebook is published under CC BY-NC-ND 4.0 and is available for free as a work in progress in HTML, PDF, Kindle and ePub format on GitBook. The latest officially released edition is available for free on LeanPub in PDF, Kindle and ePub format.
- [16.04.19] juice-shop v8.5.0
- [29.03.19] juice-shop-ctf v6.0.1
- [11.03.19] juice-shop v8.4.1
- [07.03.19] juice-shop v8.4.0
- [29.01.19] juice-shop-ctf v6.0.0
- [24.01.19] juice-shop-ctf v5.0.2
Other Corporate Sponsors
- Brian Johnson (Carrot Juice Level)
Other Individual Sponsors
- Jeroen Willemsen
- Soron Foster
- Bendik Mjaaland
- Timo Pagel
- Benjamin Pfänder
- Björn Kimminich
All royalties of Björn Kimminich's eBook are donated to the project!
You can find the current project balance along with a history of all donations and spendings in the Chapter and Project Transactions spreadsheet.
Juice Shop is already implemented, properly tested and has been promoted and demonstrated or live-hacked on various occasions, including OWASP events. It has been successfully used by different companies for in-house security trainings as well as in university lectures and published training slides.
- Design/Facelifting of the Angular Material UI
- Hacking Instructor to guide beginners through the challenges
Involvement in the development and promotion of OWASP Juice Shop is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows: