The most trustworthy online shop out there (@dschadow)
Translating "dump" or "useless outfit" into German yields "Saftladen" which can be reverse-translated word by word into "juice shop". Hence the project name.
Full UI translation available for 16+ languages
Covering various vulnerabilities and serious design flaws
OWASP Juice Shop covers all vulnerabilities from the latest OWASP Top 10 and more.
Contains low-hanging fruits & hard-to-crack nuts
For some challenges it actually works like this
Most challenges are easier to solve after some research
The toughest challenges require multiple preparation steps
Challenge progress is tracked on server-side
Solved challenges are announced as push notifications
Conveniently save your hacking progress to restore it later
npm i -g juice-shop-ctf-cli
Run juice-shop-ctf on the command line and let a wizard create SQL statements to apply to CTFd's database
Your CTFd instance will be ready-to-hack in minutes
Fully customizable business context and look & feel
Customize the application via a simple
Eat your own dog food: The Juice Shop default look & feel is declared in
server:
  port: 3000
application:
  domain: juice-sh.op
  name: "OWASP Juice Shop"
  logo: JuiceShop_Logo.png
  favicon: favicon_v2.ico
  numberOfRandomFakeUsers: 0
  showChallengeSolvedNotifications: true
  showCtfFlagsInNotifications: false
  showGitHubRibbon: true
  theme: "slate"
  twitterUrl: "https://twitter.com/owasp_juiceshop"
  facebookUrl: "https://www.facebook.com/owasp.juiceshop"
products:
YAML configuration allows you to override all products
products:
  - name: "Product Name"
    price: 100
    description: "Product Description"
    image: "(https://somewhe.re/)image.png"
    useForProductTamperingChallenge: false
    useForChristmasChallenge: false
Too much effort? Just declare the name and the app will generate the rest randomly!
Maximizing Test Automation & Code Coverage
Yes, definitely! Use whatever tools you like the most!
No! The code would spoil all challenge solutions!
No! The console would reveal several challenge solutions!
Yes! Feel free to look for ideas & hints everywhere...
...except in the GitHub repository and the logs of the Travis-CI build jobs!
Please carefully follow the instructions in the README
The application is cleanly reset on every startup
Your Score Board progress is reset as well! Save your hacking progress regularly!
Find helpful hints in the official companion guide eBook
Alternatively feel free to ask for hints in the community chat.
Please report untracked vulnerabilities by opening an issue
Of course you can also contribute directly by opening a pull request. Just don't break any tests.
*Especially those tagged with "
For your first accepted pull request you will receive some official Juice Shop stickers for free!
Serial contributors might even get t-shirts, mugs and other glorious merchandise for free!
Timeline? When it's done!
|Web Application Security in a Nutshell||http://webappsec-nutshell.kimminich.de|
|Web Application Security in a Nutshell (for Managers)||http://webappsec-nutshell.kimminich.de/management-edition.html|
|Web Application Security Training Workshop||http://slideshare.net/BjrnKimminich/web-application-security-21684264|
Licensed under the MIT license.