OWASP Juice Shop 5.x and beyond

This year OWASP Juice Shop saw several significant enhancements and extensions that you will learn all about in this talk: 2x NoSQL injection and 2x typosquatting challenges! Customization and re-branding of the shop to your own corporate look & feel! The Juice Shop CTF extension makes setting up hacking events fast & easy! The free "Pwning the OWASP Juice Shop" eBook surpasses 150 pages of in-depth information, hints and solutions for all challenges, and more! At AppSecEU the project was promoted into OWASP's "Lab Projects" maturity stage! You can now 3D-print your own Juice Shop merchandise! And much, much more - actually more than can be demonstrated in this 15 min session, so best install the Juice Shop afterwards and explore its capabilities yourself!



  1. OWASP Juice Shop 5.x and beyond. German OWASP Day 2017 update by Björn Kimminich (@bkimminich). https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
  2. Logo Facelift (💅): Because: what could be more important, right? Right?!
  3. Maturity Promotion (🎓): Lab Project. The review was finalized at the Project Summit during AppSecEU.
  4. Stats, Stats & Stats (📈): Juice Shop downloads 1k/total; downloads 2k total; Docker pulls 157k; contributors 22; closed pull requests 191.
  6. Security Questions (🐹): Find out in three new challenges what can go wrong with these fantastic security questions added with 4.x.
  7. NoSQL Database (📃): With MarsDB as an additional NoSQL datastore, two new challenges came in with 5.x.
  8. Typosquatting (🔤): Two new challenges from 5.x explain how to trick those with a weak mind (but quick fingers).
  9. More Languages (🌏): Full UI translation available for 17+ languages.
  10. Less Dockerfile (📦): Less meaning a reduced image size, from 900 to 300 MB.
  11. ≈500 LeanPub Readers (📖): Find helpful hints in the official companion guide eBook.
  12. Google Summer of Code (💔): OWASP unfortunately was not selected as an organization for GSoC 2017.
  13. OWASP Summit (💚): At OWASP Summit 2017 there were coding & threat modelling sessions in a dedicated track & villa.
  14. Logo Variation (🎨): But, why create this "Capri-Sun-accidentally-pierced-by-straw"-inspired logo?
  15. CTF Extension (🚩): Use juice-shop-ctf-cli to set up an event on CTFd in 5 min.
  16. Frictionless CTFs (🚀): Participants use individual server instances anywhere, sharing only a flag code ctfKey & a central score server.
  17. Re-branding (🎭): Fully customizable business context and look & feel for maximum immersion.
  18. Upcoming Release 6.x (🔮): Two new 🍪 JWT-related vulnerabilities, bringing the total to ≥48 challenges. Overhaul of the 📍 Object-Relational Mapping and all generated parts of the API, fixing our two oldest open 🐛 bugs along the way. Node.js 8.x is the 🆕 recommended version, but 6.x will continue to work as well, and on the 🔥-new 9.x it also runs smoothly.
  19. Beyond Release 6.x (🌌): Frontend update to 🍭 Angular ≥5, or something completely different. Participate in 🌻 Google Summer of Code 2018, given OWASP is selected next year. Get Juice Shop 🍾 promoted to Flagship Project at some point in its lifecycle.
  20. Special Thanks (💖): Josh Grossman (CTFd SQLs 🚩 / JWT 🍪), Timo Pagel (Re-Branding 🎭 / Loud XSS-Demo 🎶), Jannik Hollenbach (NoSQL 📃 / CTF 🌟 / Docker 📦 / ORM+ 📍).
  22. Very Special Thanks (💝): 3D-printed Keychain by Viktor Lindström.
  24. Finally: Thanks to you for 👂! Copyright (c) 2017 Björn Kimminich. Licensed under the MIT license. Created with reveal.js - The HTML Presentation Framework.