The most trustworthy online shop out there (@dschadow)
Translating "dump" or "useless outfit" into German yields "Saftladen" which can be reverse-translated word by word into "juice shop". Hence the project name.
Unsuspectingly browse the Juice Shop like Average Joe!
Maximizing Test Automation & Code Coverage
Full UI translation available for 15+ languages
Covering various vulnerabilities and serious design flaws
OWASP Juice Shop covers all vulnerabilities from the latest OWASP Top 10 and more.
Contains low-hanging fruits & hard-to-crack nuts
For some challenges it actually works like this
Most challenges are easier to solve after some research
The toughest challenges require multiple preparation steps
Challenge progress is tracked on server-side
Solved challenges are announced as push notifications
Conveniently save your hacking progress to restore it later
Fully customizable business context and look & feel
Customize the application via a simple
Eat your own dog food: The Juice Shop default look & feel is declared in
server:
  port: 3000
application:
  domain: juice-sh.op
  name: "OWASP Juice Shop"
  logoReplacementUrl: ~
  faviconReplacementUrl: ~
  numberOfRandomFakeUsers: 0
  showChallengeSolvedNotifications: true
  theme: "slate"
products:
YAML configuration allows you to override all products
products:
  - name: "Product Name"
    price: 100
    description: "Product Description"
    image: "image.png"
    imageUrl: "https://product/image.png"
    useForProductTamperingChallenge: false
    useForChristmasChallenge: false
Too much effort? Just declare the name and the app will generate the rest randomly!
Yes, definitely! Use whatever tools you like the most!
No! The code would spoil all challenge solutions!
No! The console would reveal several challenge solutions!
Yes! Feel free to look for ideas & hints everywhere...
...except in the GitHub repository and the logs of the Travis-CI build jobs!
Please carefully follow the instructions in the README
The application is cleanly reset on every startup
Your Score Board progress is reset as well! Save your hacking progress regularly!
Find helpful hints in the official companion guide eBook
Alternatively feel free to ask for hints in the community chat.
Please report untracked vulnerabilities by opening an issue
Of course you can also contribute directly by opening a pull request. Just don't break any tests.
*Especially those tagged with "
For your first accepted pull request you will receive some official Juice Shop stickers for free!
For core project team members, there are even t-shirts, mugs and other glorious merchandise!
Timeline? When it's done!
|Web Application Security in a Nutshell|http://webappsec-nutshell.kimminich.de|
|Web Application Security in a Nutshell (for Managers)|http://webappsec-nutshell.kimminich.de/management-edition.html|
|Web Application Security Training Workshop|http://slideshare.net/BjrnKimminich/web-application-security-21684264|
Licensed under the MIT license.