The most trustworthy online shop out there (@dschadow)
Translating "dump" or "useless outfit" into German yields "Saftladen" which can be reverse-translated word by word into "juice shop". Hence the project name.
Full UI translation available for 17+ languages
Covering various vulnerabilities and serious design flaws
OWASP Juice Shop covers all vulnerabilities from the latest OWASP Top 10 and more.
Contains low-hanging fruits & hard-to-crack nuts
For some challenges it actually works like this
Most challenges are easier to solve after some research
The toughest challenges require multiple preparation steps
Challenge progress is tracked on server-side
Solved challenges are announced as push notifications
Auto-saves your hacking progress and restores on server restart
Flag codes can optionally be displayed for solved challenges
All participants use individual Juice Shop instances anywhere, sharing only the flag code-ctfKey and a central score server.
npm i -g juice-shop-ctf-cli
Run juice-shop-ctf on the command line and let a wizard create SQL statements to apply to CTFd's database
Your CTFd instance will be ready-to-hack in minutes
Fully customizable business context and look & feel
Customize the application via a simple
Eat your own dog food: The Juice Shop default look & feel is declared in
    server:
      port: 3000
    application:
      domain: "juice-sh.op"
      name: "OWASP Juice Shop"
      logo: "JuiceShop_Logo.png"
      favicon: "favicon_v2.ico"
      numberOfRandomFakeUsers: 0
      showChallengeSolvedNotifications: true
      showCtfFlagsInNotifications: false
      showGitHubRibbon: true
      showChallengeHints: true
      theme: "slate"
      twitterUrl: "https://twitter.com/owasp_juiceshop"
      facebookUrl: "https://www.facebook.com/owasp.juiceshop"
      recyclePage:
        topProductImage: "fruit_press.jpg"
        bottomProductImage: "apple_pressings.jpg"
    products:
YAML configuration allows you to override all products
    products:
      - name: "Product Name"
        price: 100
        description: "Product Description"
        image: "(https://somewhe.re/)image.png"
        useForProductTamperingChallenge: false
        useForChristmasChallenge: false
        fileForRetrieveBlueprintChallenge: ~

Too much effort? Just declare the name and the app will generate the rest randomly!
Maximizing Test Automation & Code Coverage
Yes, definitely! Use whatever tools you like the most!
No! The code would spoil all challenge solutions!
No! The console would reveal several challenge solutions!
Yes! Feel free to look for ideas & hints everywhere...
...except in the GitHub repository and the logs of the Travis-CI build jobs!
Please carefully follow the instructions in the README
The application is cleanly reset on every startup
Your Score Board progress is saved automatically and will restore after server restart!
Find helpful hints in the official companion guide eBook
Alternatively feel free to ask for hints in the community chat.
Please report untracked vulnerabilities by opening an issue
Of course you can also contribute directly by opening a pull request. Just don't break any tests.
*Especially those tagged with "
For your first accepted pull request you will receive some official Juice Shop stickers for free!
Serial contributors might even get t-shirts, mugs and other glorious merchandise for free!
Timeline? When it's done!
|Web Application Security in a Nutshell|http://webappsec-nutshell.kimminich.de|
|Web Application Security in a Nutshell (for Managers)|http://webappsec-nutshell.kimminich.de/management-edition.html|
|Web Application Security Training Workshop|http://slideshare.net/BjrnKimminich/web-application-security-21684264|
Licensed under the MIT license.