This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "OWASP Store Sheep Project"

Jump to: navigation, search
Line 1: Line 1:
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
<div style="width:100%;height:105px;border:0,margin:0;overflow: hidden;">[[Image:Low activity.jpg|800px| link=]] </div>
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-

Latest revision as of 23:20, 27 April 2015

Low activity.jpg

OWASP Store Sheep

OWASP Store Sheep is a work in progress application do demonstrate security concepts relating to Windows Store Apps.


Store Sheep is a training app for Developers wishing to learn to securely code a Windows Store ('Metro Style') App, and Testers wanting to learn to test one. It contains a number of security vulnerabilities with explanations and fixes for them.


Store Sheep (in line with the 'Goat' theme of Web Goat, Rails Goat etc - I thought it was about time we had a Sheep instead) is a training application for developers and testers. It takes the form of a pretend Windows Store App called 'A friend for Ewe' which is a dating agency for owners of pet Sheep.

The purpose of Store Sheep is for developers and testers alike to learn where these apps resemble and differ from traditional Win32 and Web applications and how to build them to resist attack. A side benefit from this project will be for the community to learn more about how the certification process for a big app store works and the kind of problems it does (and doesn't) find. I would imagine this would be relevant not only to Microsoft's Store but to Apple and Google's as well.

Broadly the idea at this stage is to get a basic app and some documentation up and running quite quickly and then to refine it as time goes on.


OWASP Store Sheep is free to use. It is licensed under the GNU GPL v3 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

What is Store Sheep?

OWASP Store Sheep provides:

  • A Visual Studio project containing a JavaScript/HTML Windows Store app which can be side loaded on to a development machine running Windows 8.1.


Project Leader

Marion McCune

Related Projects


Quick Download

Email List

Sign Up

News and Events

In Print


New projects.png Owasp-builders-small.png
Project Type Files CODE.jpg


XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • xxx
  • xxx


  • xxx
  • xxx

As of June 2014, the priorities are:

The application in its finished form will have three versions.

  1. This 'original version' contains a number of critical vulnerabilities, some of which will cause it to fail WACK (Windows Application Certification Kit). As such, if submitted to the Windows Store it would be rejected by Microsoft. The associated documentation explains how to correct these problems and move it to B)
  2. This application passes WACK and may pass Microsoft's checks, however it still contains a number of vulnerabilities such as authorisation flaws, Web Service problems etc. which would cause it to be a danger to its users' data if put live. The associated documentation explains how to find and fix these problems.
  3. This 'fixed' version of the application represents a safe (if not tremendously useful!) app which could pass through a Web Application 'penetration' test without any significant findings.

Involvement in the development and promotion of Store Sheep is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • xxx
  • xxx

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP Store Sheep
Purpose: Store Sheep is a training app for Developers wishing to learn to securely code a Windows Store ('Metro Style') App, and Testers wanting to learn to test one. It contains a number of security vulnerabilities with explanations and fixes for them.
License: GNU GPL v3
who is working on this project?
Project Leader(s):
  • Marion McCune @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: [[email protected] Mailing List Archives]
Project Roadmap: Not Yet Created
Key Contacts
  • Contact Marion McCune @ to contribute to this project
  • Contact Marion McCune @ to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases