From 7f73a421ffbf10681a72baf238c67295b60725ba Mon Sep 17 00:00:00 2001 From: Bjoern Kimminich Date: Mon, 18 Oct 2021 20:01:51 +0200 Subject: [PATCH] Reformat all Markdown files (using default IntelliJ Markdown plugin) --- CODE_OF_CONDUCT.md | 127 ++++++---------- HALL_OF_FAME.md | 49 ++++-- README.md | 153 ++++++++----------- REFERENCES.md | 367 ++++++++++++++++++++------------------------- SECURITY.md | 18 +-- SOLUTIONS.md | 165 ++++++++++---------- 6 files changed, 398 insertions(+), 481 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 81ca1dc8ca5..1f8830354b0 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
@@ -2,138 +2,111 @@ ## Our Pledge -We as members, contributors, and leaders pledge to make participation in -our community a harassment-free experience for everyone, regardless of -age, body size, visible or invisible disability, ethnicity, sex -characteristics, gender identity and expression, level of experience, -education, socio-economic status, nationality, personal appearance, -race, caste, color, religion, or sexual identity and orientation. +We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for +everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity +and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, +color, religion, or sexual identity and orientation. -We pledge to act and interact in ways that contribute to an open, -welcoming, diverse, inclusive, and healthy community. +We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. 
## Our Standards -Examples of behavior that contributes to a positive environment for our -community include: +Examples of behavior that contributes to a positive environment for our community include: * Demonstrating empathy and kindness toward other people * Being respectful of differing opinions, viewpoints, and experiences * Giving and gracefully accepting constructive feedback -* Accepting responsibility and apologizing to those affected by our - mistakes, and learning from the experience -* Focusing on what is best not just for us as individuals, but for the - overall community +* Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience +* Focusing on what is best not just for us as individuals, but for the overall community Examples of unacceptable behavior include: -* The use of sexualized language or imagery, and sexual attention or - advances of any kind -* Trolling, insulting or derogatory comments, and personal or political - attacks +* The use of sexualized language or imagery, and sexual attention or advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks * Public or private harassment -* Publishing others' private information, such as a physical or email - address, without their explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting +* Publishing others' private information, such as a physical or email address, without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting ## Enforcement Responsibilities -Community leaders are responsible for clarifying and enforcing our -standards of acceptable behavior and will take appropriate and fair -corrective action in response to any behavior that they deem -inappropriate, threatening, offensive, or harmful. 
+Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take +appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. -Community leaders have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other -contributions that are not aligned to this Code of Conduct, and will -communicate reasons for moderation decisions when appropriate. +Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, +issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for +moderation decisions when appropriate. ## Scope -This Code of Conduct applies within all community spaces, and also -applies when an individual is officially representing the community in -public spaces. Examples of representing our community include using an -official e-mail address, posting via an official social media account, -or acting as an appointed representative at an online or offline event. +This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing +the community in public spaces. Examples of representing our community include using an official e-mail address, posting +via an official social media account, or acting as an appointed representative at an online or offline event. ## Enforcement -Instances of abusive, harassing, or otherwise unacceptable behavior may -be reported to the community leaders responsible for enforcement at -[bjoern.kimminich@owasp.org](mailto:bjoern.kimminich@owasp.org). All -complaints will be reviewed and investigated promptly and fairly. 
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible +for enforcement at +[bjoern.kimminich@owasp.org](mailto:bjoern.kimminich@owasp.org). All complaints will be reviewed and investigated +promptly and fairly. -All community leaders are obligated to respect the privacy and security -of the reporter of any incident. +All community leaders are obligated to respect the privacy and security of the reporter of any incident. ## Enforcement Guidelines -Community leaders will follow these Community Impact Guidelines in -determining the consequences for any action they deem in violation of -this Code of Conduct: +Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem +in violation of this Code of Conduct: ### 1. Correction -**Community Impact**: Use of inappropriate language or other behavior -deemed unprofessional or unwelcome in the community. +**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the +community. -**Consequence**: A private, written warning from community leaders, -providing clarity around the nature of the violation and an explanation -of why the behavior was inappropriate. A public apology may be -requested. +**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation +and an explanation of why the behavior was inappropriate. A public apology may be requested. ### 2. Warning -**Community Impact**: A violation through a single incident or series of -actions. +**Community Impact**: A violation through a single incident or series of actions. -**Consequence**: A warning with consequences for continued behavior. No -interaction with the people involved, including unsolicited interaction -with those enforcing the Code of Conduct, for a specified period of -time. 
This includes avoiding interactions in community spaces as well as -external channels like social media. Violating these terms may lead to a +**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including +unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding +interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban. ### 3. Temporary Ban -**Community Impact**: A serious violation of community standards, -including sustained inappropriate behavior. +**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior. -**Consequence**: A temporary ban from any sort of interaction or public -communication with the community for a specified period of time. No -public or private interaction with the people involved, including -unsolicited interaction with those enforcing the Code of Conduct, is -allowed during this period. Violating these terms may lead to a -permanent ban. +**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified +period of time. No public or private interaction with the people involved, including unsolicited interaction with those +enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. ### 4. Permanent Ban -**Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an -individual, or aggression toward or disparagement of classes of -individuals. +**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate +behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. 
-**Consequence**: A permanent ban from any sort of public interaction -within the community. +**Consequence**: A permanent ban from any sort of public interaction within the community. ## Attribution -This Code of Conduct is adapted from the [Contributor -Covenant][homepage], version 2.0, available at +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0, available at [https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0]. -Community Impact Guidelines were inspired by [Mozilla's code of conduct -enforcement ladder][Mozilla CoC]. +Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder][Mozilla CoC]. For answers to common questions about this code of conduct, see the FAQ -at [https://www.contributor-covenant.org/faq][FAQ]. Translations are -available at +at [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at [https://www.contributor-covenant.org/translations][translations]. [homepage]: https://www.contributor-covenant.org + [v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html + [Mozilla CoC]: https://github.com/mozilla/diversity + [FAQ]: https://www.contributor-covenant.org/faq + [translations]: https://www.contributor-covenant.org/translations diff --git a/HALL_OF_FAME.md b/HALL_OF_FAME.md index 2fc56bc3fa9..d67bb42cd91 100644 --- a/HALL_OF_FAME.md +++ b/HALL_OF_FAME.md @@ -10,8 +10,8 @@ ## GitHub Contributors -As reported by [`git-stats -a -s '2014'`](https://www.npmjs.com/package/git-stats) analysis -of `master` as of Tue, 5 Oct 2021 after deduplication with `.mailmap`. +As reported by [`git-stats -a -s '2014'`](https://www.npmjs.com/package/git-stats) analysis of `master` as of Tue, 5 Oct +2021 after deduplication with `.mailmap`. ![Top git contributors](screenshots/git-stats.png) 
@@ -19,8 +19,7 @@ of `master` as of Tue, 5 Oct 2021 after deduplication with `.mailmap`. As exported from [CrowdIn Top Members Report](https://crowdin.com/project/owasp-juice-shop/reports/top-members) -(by # of translated words) for all languages as of Thu, 16 Sep 2021 -after +(by # of translated words) for all languages as of Thu, 16 Sep 2021 after [conversion into Markdown](https://thisdavej.com/copy-table-in-excel-and-paste-as-a-markdown-table/). | Name | Languages | Translated | 
@@ -48,19 +47,51 @@ after **Additional translations by:** -Alexander Nissen (Nissen96),fabrizio1979,OrNol (TRNSRL),Jorge Estigarribia (jorgestiga),Pablo Barrera (pablo.barrera),Coink (CoinkWang),Phakphum Visetnut (phakphum_visetnut),Kamil Vavra (vavkamil),Abdo Farwan (abdofarwan),AviD (avidouglen),Stella Dineva (stella.dineva),Stavros M. (msstavros),Fredrik Bore (Boren),GiorgiSharia,Songrit Kitisriworapan (songritk),Oussama Bouthouri (Boussama),sergio.kubota,Ender Çulha (ecu),Claudio Snidero (cla7997),Marc Rüttler (MarcRler),r0n1am,Davis Freimanis (davisfreimanis),fieldhill13,thinbashane,rToxic,stejkenzie,adeyosemanputra,Kylian Runembert (FunnHydra),Andrew Pio (siranen),Henry Hu (ninedter),zvargun,timexlord,ztzxt,Daniel Paniagua (danielgpm),Mehyar Shammas (mashkuov),asifnm,Estevam Arantes (Es7evam),REMOVED_USER,FoteiniAthina,orjen,vientspam,Allan Kimmer Jensen (Saturate),Idomin Ninja (Idomin),BostonLow,Abdullah alshowaiey (Abdullah201),にのせき (ninoseki),Egert Aia (aiaegert),Nico Ådahl (nigotiator),Lars Grini (lars.grini),Pär Svedberg (grebdevs),rakzcs,Tomas Rosenqvist (Muamaidbengt),Karl (spruur),MrNinhoJr a (mrninhojr),Albert Camps (campsupc),Zenmaster212,jasinski_tomasz,Daan Sprenkels (dsprenkels),Aleksandra Niemyska (niemyskaa),atteism,Diego Andreé Porras Rivas (andree.rivas),mateomartinez,Rasmus Bidstrup (rasmusbidstrup),Koji O (marlboro20light),Bruno Rodrigues (bmvr),Riotaro OKADA (riotaro),talisainen,OliverkeHU,Kitisak Jirawannakool (jkitisak),Bart Decker (Decker),Mohammad Febri Ramadlan (mohammadfebrir),Manu B (Rosina),coavacoffee,bill (Hawxdu),Klas Fahlberg (FahlbergKlas),CarlCampbell,Natalia (notNao),Lenka Dubois (lenkadubois),Syahrol,Mattias Persson (mattiasbpersson),rachidbm,André Santos Duarte Fonseca (Andre_Duarte),cello-anders,Store (HelaBasa),Oussama Bouthouri (oussama.bouthouri),bmoritz,GK (lollipas),landinl,mrudul,Héctor Lecuanda (hlecuanda),Michiya Tominaga (nuwaa),Ilkka Savela (ile2021),Mircea Ulmeanu (boltzmann.gt),Martin Hartl (hartlmartin),Roy 
Quiceno (rquiceno),Carlos Allendes (OwaspChile),redr0n19,ManuelFranz,Anthony3000,Yang Lucas (Lucas.y),REMOVED_USER,Richardson Lima (contatorichardsonlima),nilfigo,soledad aro (cristinagarciaaro),Katharina Wittkowsky (kwittkowsky),Frederik Bøgeskov Johnsen (cpfbj),kahfiehudson,motofy,Origami,dav1ds,Stefan Daugaard Poulsen (cyberzed),Ezequiel Andino (acidobinario),Isis Harris (latinadeveloper),4ourth (fourth-4),REMOVED_USER,h3nrychoi,Omer Levi Hevroni (omerlh),Sen UENO (uenosen),Mohammad Febri Ramadlan (vebryidiot),alopezhu,Abas Abas (abas70127),Umpawan Halap (umpawanhalap),xsi,Björn Palmqvist (bjornpalmqvist),Fabio Tavano (tavano.fabio),Anders Lindberg (anderslimpan),bahrunghozali,sutanci,PorPor Hai (eung.porhai),pena69,Kevin Eliezer García Peña (kevinel.gp),vikram.tp07 +Alexander Nissen (Nissen96), fabrizio1979, OrNol (TRNSRL), Jorge Estigarribia (jorgestiga), Pablo Barrera ( +pablo.barrera) +, Coink (CoinkWang), Phakphum Visetnut (phakphum_visetnut), Kamil Vavra (vavkamil), Abdo Farwan (abdofarwan), AviD ( +avidouglen), Stella Dineva (stella.dineva), Stavros M. 
(msstavros), Fredrik Bore (Boren), GiorgiSharia, Songrit +Kitisriworapan (songritk), Oussama Bouthouri (Boussama), sergio.kubota, Ender Çulha (ecu), Claudio Snidero (cla7997), +Marc Rüttler (MarcRler), r0n1am, Davis Freimanis (davisfreimanis) +, fieldhill13, thinbashane, rToxic, stejkenzie, adeyosemanputra, Kylian Runembert (FunnHydra), Andrew Pio (siranen), +Henry Hu ( +ninedter), zvargun, timexlord, ztzxt, Daniel Paniagua (danielgpm), Mehyar Shammas (mashkuov), asifnm, Estevam Arantes ( +Es7evam) +, REMOVED_USER, FoteiniAthina, orjen, vientspam, Allan Kimmer Jensen (Saturate), Idomin Ninja (Idomin), BostonLow, +Abdullah alshowaiey (Abdullah201), にのせき (ninoseki), Egert Aia (aiaegert), Nico Ådahl (nigotiator), Lars Grini ( +lars.grini), Pär Svedberg (grebdevs), rakzcs, Tomas Rosenqvist (Muamaidbengt), Karl (spruur), MrNinhoJr a (mrninhojr), +Albert Camps (campsupc) +, Zenmaster212, jasinski_tomasz, Daan Sprenkels (dsprenkels), Aleksandra Niemyska (niemyskaa), atteism, Diego Andreé +Porras Rivas (andree.rivas), mateomartinez, Rasmus Bidstrup (rasmusbidstrup), Koji O (marlboro20light), Bruno +Rodrigues (bmvr) +, Riotaro OKADA (riotaro), talisainen, OliverkeHU, Kitisak Jirawannakool (jkitisak), Bart Decker (Decker), Mohammad +Febri Ramadlan (mohammadfebrir), Manu B (Rosina), coavacoffee, bill (Hawxdu), Klas Fahlberg (FahlbergKlas), +CarlCampbell, Natalia ( +notNao), Lenka Dubois (lenkadubois), Syahrol, Mattias Persson (mattiasbpersson), rachidbm, André Santos Duarte Fonseca ( +Andre_Duarte), cello-anders, Store (HelaBasa), Oussama Bouthouri (oussama.bouthouri), bmoritz, GK (lollipas) +, landinl, mrudul, Héctor Lecuanda (hlecuanda), Michiya Tominaga (nuwaa), Ilkka Savela (ile2021), Mircea Ulmeanu ( +boltzmann.gt), Martin Hartl (hartlmartin), Roy Quiceno (rquiceno), Carlos Allendes (OwaspChile) +, redr0n19, ManuelFranz, Anthony3000, Yang Lucas (Lucas.y), REMOVED_USER, Richardson Lima (contatorichardsonlima) +, nilfigo, soledad aro (cristinagarciaaro), Katharina 
Wittkowsky (kwittkowsky), Frederik Bøgeskov Johnsen (cpfbj) +, kahfiehudson, motofy, Origami, dav1ds, Stefan Daugaard Poulsen (cyberzed), Ezequiel Andino (acidobinario), Isis +Harris ( +latinadeveloper), 4ourth (fourth-4), REMOVED_USER, h3nrychoi, Omer Levi Hevroni (omerlh), Sen UENO (uenosen), Mohammad +Febri Ramadlan (vebryidiot), alopezhu, Abas Abas (abas70127), Umpawan Halap (umpawanhalap), xsi, Björn Palmqvist ( +bjornpalmqvist) +, Fabio Tavano (tavano.fabio), Anders Lindberg (anderslimpan), bahrunghozali, sutanci, PorPor Hai (eung.porhai), pena69, +Kevin Eliezer García Peña (kevinel.gp), vikram.tp07 ## Special Thanks * Inspired by the "classic" [BodgeIt Store](https://github.com/psiinon/bodgeit) by [@psiinon](https://github.com/psiinon) -* Revised OWASP Juice Shop and Juice Shop CTF logo artworks by Emily - Gundry (courtesy of [@SecureState](https://github.com/SecureState)) +* Revised OWASP Juice Shop and Juice Shop CTF logo artworks by Emily Gundry (courtesy + of [@SecureState](https://github.com/SecureState)) * Wallpaper artworks by Mike Branscum (courtesy of [@daylightstudio](https://github.com/daylightstudio)) -* [Pwning OWASP Juice Shop](https://leanpub.com/juice-shop) cover - artwork by [Patch Kroll](https://99designs.de/profiles/3099878) +* [Pwning OWASP Juice Shop](https://leanpub.com/juice-shop) cover artwork + by [Patch Kroll](https://99designs.de/profiles/3099878) * [Banner](https://github.com/OWASP/owasp-swag/tree/master/projects/juice-shop/banners) and [flyer](https://github.com/OWASP/owasp-swag/tree/master/projects/juice-shop/flyers) diff --git a/README.md b/README.md index baaa5b39379..6f6ab1bc186 100644 --- a/README.md +++ b/README.md 
@@ -5,7 +5,6 @@ [![Twitter Follow](https://img.shields.io/twitter/follow/owasp_juiceshop.svg?style=social&label=Follow)](https://twitter.com/owasp_juiceshop) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/owasp_juiceshop?style=social)](https://reddit.com/r/owasp_juiceshop) - ![CI/CD Pipeline](https://github.com/juice-shop/juice-shop/workflows/CI/CD%20Pipeline/badge.svg?branch=master) [![Test Coverage](https://api.codeclimate.com/v1/badges/6206c8f3972bcc97a033/test_coverage)](https://codeclimate.com/github/juice-shop/juice-shop/test_coverage) [![Maintainability](https://api.codeclimate.com/v1/badges/6206c8f3972bcc97a033/maintainability)](https://codeclimate.com/github/juice-shop/juice-shop/maintainability) 
@@ -25,35 +24,33 @@ > [But this doesn't have anything to do with juice.](https://twitter.com/coderPatros/status/1199268774626488320) > ([@coderPatros' wife](https://twitter.com/coderPatros)) -OWASP Juice Shop is probably the most modern and sophisticated insecure -web application! It can be used in security trainings, awareness demos, -CTFs and as a guinea pig for security tools! Juice Shop encompasses -vulnerabilities from the entire -[OWASP Top Ten](https://owasp.org/www-project-top-ten) along with many -other security flaws found in real-world applications! +OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security +trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the +entire +[OWASP Top Ten](https://owasp.org/www-project-top-ten) along with many other security flaws found in real-world +applications! ![Juice Shop Screenshot Slideshow](screenshots/slideshow.gif) -For a detailed introduction, full list of features and architecture -overview please visit the official project page: +For a detailed introduction, full list of features and architecture overview please visit the official project page: ## Table of contents - [Setup](#setup) - - [Deploy on Heroku (free ($0/month) dyno)](#deploy-on-heroku-free-0month-dyno) - - [From Sources](#from-sources) - - [Packaged Distributions](#packaged-distributions) - - [Docker Container](#docker-container) - - [Vagrant](#vagrant) - - [Amazon EC2 Instance](#amazon-ec2-instance) - - [Azure Container Instance](#azure-container-instance) - - [Google Compute Engine Instance](#google-compute-engine-instance) + - [Deploy on Heroku (free ($0/month) dyno)](#deploy-on-heroku-free-0month-dyno) + - [From Sources](#from-sources) + - [Packaged Distributions](#packaged-distributions) + - [Docker Container](#docker-container) + - [Vagrant](#vagrant) + - [Amazon EC2 Instance](#amazon-ec2-instance) + - [Azure Container 
Instance](#azure-container-instance) + - [Google Compute Engine Instance](#google-compute-engine-instance) - [Demo](#demo) - [Documentation](#documentation) - - [Node.js version compatibility](#nodejs-version-compatibility) - - [Troubleshooting](#troubleshooting) - - [Official companion guide](#official-companion-guide) + - [Node.js version compatibility](#nodejs-version-compatibility) + - [Troubleshooting](#troubleshooting) + - [Official companion guide](#official-companion-guide) - [Contributing](#contributing) - [References](#references) - [Merchandise](#merchandise) @@ -89,8 +86,7 @@ overview please visit the official project page: clone [your own fork](https://github.com/juice-shop/juice-shop/fork) of the repository) 3. Go into the cloned folder with `cd juice-shop` -4. Run `npm install` (only has to be done before first start or when you - change the source code) +4. Run `npm install` (only has to be done before first start or when you change the source code) 5. Run `npm start` 6. Browse to @@ -100,8 +96,7 @@ overview please visit the official project page: [![SourceForge](https://img.shields.io/sourceforge/dm/juice-shop?label=sourceforge%20downloads)](https://sourceforge.net/projects/juice-shop/) [![SourceForge](https://img.shields.io/sourceforge/dt/juice-shop?label=sourceforge%20downloads)](https://sourceforge.net/projects/juice-shop/) -1. Install a 64bit [node.js](#nodejs-version-compatibility) on your - Windows, MacOS or Linux machine +1. Install a 64bit [node.js](#nodejs-version-compatibility) on your Windows, MacOS or Linux machine 2. Download `juice-shop-___x64.zip` (or `.tgz`) attached to [latest release](https://github.com/juice-shop/juice-shop/releases/latest) 
@@ -126,8 +121,7 @@ overview please visit the official project page: 2. Run `docker pull bkimminich/juice-shop` 3. Run `docker run --rm -p 3000:3000 bkimminich/juice-shop` 4. Browse to (on macOS and Windows browse to - if you are using docker-machine instead - of the native docker installation) + if you are using docker-machine instead of the native docker installation) ### Vagrant @@ -142,12 +136,9 @@ overview please visit the official project page: ### Amazon EC2 Instance 1. In the _EC2_ sidenav select _Instances_ and click _Launch Instance_ -2. In _Step 1: Choose an Amazon Machine Image (AMI)_ choose an _Amazon - Linux AMI_ or _Amazon Linux 2 AMI_ -3. In _Step 3: Configure Instance Details_ unfold _Advanced Details_ and - copy the script below into _User Data_ -4. In _Step 6: Configure Security Group_ add a _Rule_ that opens port 80 - for HTTP +2. In _Step 1: Choose an Amazon Machine Image (AMI)_ choose an _Amazon Linux AMI_ or _Amazon Linux 2 AMI_ +3. In _Step 3: Configure Instance Details_ unfold _Advanced Details_ and copy the script below into _User Data_ +4. In _Step 6: Configure Security Group_ add a _Rule_ that opens port 80 for HTTP 5. Launch your instance 6. Browse to your instance's public DNS 
@@ -163,24 +154,19 @@ docker run -d -p 80:3000 bkimminich/juice-shop ### Azure Container Instance 1. Open and login (via `az login`) to your - [Azure CLI](https://azure.github.io/projects/clis/) **or** login to - the [Azure Portal](https://portal.azure.com), open the _CloudShell_ + [Azure CLI](https://azure.github.io/projects/clis/) **or** login to the [Azure Portal](https://portal.azure.com), + open the _CloudShell_ and then choose _Bash_ (not PowerShell). -2. Create a resource group by running `az group create --name --location ` -3. Create a new container by running `az container create - --resource-group --name --image - bkimminich/juice-shop --dns-name-label --ports 3000 - --ip-address public` -4. Your container will be available at `http://..azurecontainer.io:3000` +2. Create a resource group by running `az group create --name --location ` +3. Create a new container by + running `az container create --resource-group --name --image bkimminich/juice-shop --dns-name-label --ports 3000 --ip-address public` +4. Your container will be available at `http://..azurecontainer.io:3000` ### Google Compute Engine Instance 1. Login to the Google Cloud Console and [open Cloud Shell](https://console.cloud.google.com/home/dashboard?cloudshell=true). -2. Launch a new GCE instance based on the juice-shop container. Take - note of the `EXTERNAL_IP` provided in the output. +2. Launch a new GCE instance based on the juice-shop container. Take note of the `EXTERNAL_IP` provided in the output. ``` gcloud compute instances create-with-container owasp-juice-shop-app --container-image bkimminich/juice-shop 
@@ -213,9 +199,8 @@ Feel free to have a look at the latest version of OWASP Juice Shop: OWASP Juice Shop officially supports the following versions of [node.js](http://nodejs.org) in line with the official -[node.js LTS schedule](https://github.com/nodejs/LTS) as close as -possible. Docker images and packaged distributions are offered -accordingly. +[node.js LTS schedule](https://github.com/nodejs/LTS) as close as possible. Docker images and packaged distributions are +offered accordingly. | node.js | Supported | Tested | [Packaged Distributions](#packaged-distributions) | [Docker images](#docker-container) from `master` | [Docker images](#docker-container) from `develop` | |:--------|:---------------------|:-------------------|:--------------------------------------------------|:--------------------------------------------------------|:----------------------------------------------------------| @@ -227,9 +212,8 @@ accordingly. | 12.x | :heavy_check_mark: | :heavy_check_mark: | Windows (`x64`), MacOS (`x64`), Linux (`x64`) | `latest` (`linux/amd64`, `linux/arm/v7`, `linux/arm64`) | `snapshot` (`linux/amd64`, `linux/arm/v7`, `linux/arm64`) | | <12.x | :x: | :x: | | | | -Juice Shop is automatically tested _only on the latest `.x` minor -version_ of each node.js version mentioned above! There is no guarantee -that older minor node.js releases will always work with Juice Shop! +Juice Shop is automatically tested _only on the latest `.x` minor version_ of each node.js version mentioned above! +There is no guarantee that older minor node.js releases will always work with Juice Shop! Please make sure you stay up to date with your chosen version. ### Troubleshooting 
@@ -238,33 +222,26 @@ Please make sure you stay up to date with your chosen version. If you need help with the application setup please check our [our existing _Troubleshooting_](https://pwning.owasp-juice.shop/appendix/troubleshooting.html) -guide. If this does not solve your issue please post your specific -problem or question in the -[Gitter Chat](https://gitter.im/bkimminich/juice-shop) where community -members can best try to help you. +guide. If this does not solve your issue please post your specific problem or question in the +[Gitter Chat](https://gitter.im/bkimminich/juice-shop) where community members can best try to help you. -:stop_sign: **Please avoid opening GitHub issues for support requests or -questions!** +:stop_sign: **Please avoid opening GitHub issues for support requests or questions!** ### Official companion guide [![Write Goodreads Review](https://img.shields.io/badge/goodreads-write%20review-49557240.svg)](https://www.goodreads.com/review/edit/49557240) -OWASP Juice Shop comes with an official companion guide eBook. It will -give you a complete overview of all vulnerabilities found in the -application including hints how to spot and exploit them. In the -appendix you will even find complete step-by-step solutions to every -challenge. Extensive documentation of +OWASP Juice Shop comes with an official companion guide eBook. It will give you a complete overview of all +vulnerabilities found in the application including hints how to spot and exploit them. In the appendix you will even +find complete step-by-step solutions to every challenge. Extensive documentation of [custom re-branding](https://pwning.owasp-juice.shop/part1/customization.html), [CTF-support](https://pwning.owasp-juice.shop/part1/ctf.html), [trainer's guide](https://pwning.owasp-juice.shop/appendix/trainers.html) and much more is also included. 
-[Pwning OWASP Juice Shop](https://leanpub.com/juice-shop) is published -under +[Pwning OWASP Juice Shop](https://leanpub.com/juice-shop) is published under [CC BY-NC-ND 4.0](https://creativecommons.org/licenses/by-nc-nd/4.0/) -and is available **for free** in PDF, Kindle and ePub format on LeanPub. -You can also +and is available **for free** in PDF, Kindle and ePub format on LeanPub. You can also [browse the full content online](https://pwning.owasp-juice.shop)! [![Pwning OWASP Juice Shop Cover](https://raw.githubusercontent.com/bkimminich/pwning-juice-shop/master/cover_small.jpg)](https://leanpub.com/juice-shop) 
@@ -284,48 +261,38 @@ We are always happy to get new contributors on board! Please check ## References -Did you write a blog post, magazine article or do a podcast about or -mentioning OWASP Juice Shop? Or maybe you held or joined a conference -talk or meetup session, a hacking workshop or public training where this -project was mentioned? +Did you write a blog post, magazine article or do a podcast about or mentioning OWASP Juice Shop? Or maybe you held or +joined a conference talk or meetup session, a hacking workshop or public training where this project was mentioned? -Add it to our ever-growing list of [REFERENCES.md](REFERENCES.md) by -forking and opening a Pull Request! +Add it to our ever-growing list of [REFERENCES.md](REFERENCES.md) by forking and opening a Pull Request! ## Merchandise * On [Spreadshirt.com](http://shop.spreadshirt.com/juiceshop) and - [Spreadshirt.de](http://shop.spreadshirt.de/juiceshop) you can get - some swag (Shirts, Hoodies, Mugs) with the official OWASP Juice Shop - logo + [Spreadshirt.de](http://shop.spreadshirt.de/juiceshop) you can get some swag (Shirts, Hoodies, Mugs) with the official + OWASP Juice Shop logo * On [StickerYou.com](https://www.stickeryou.com/products/owasp-juice-shop/794) - you can get variants of the OWASP Juice Shop logo as single stickers - to decorate your laptop with. They can also print magnets, iron-ons, - sticker sheets and temporary tattoos. + you can get variants of the OWASP Juice Shop logo as single stickers to decorate your laptop with. They can also print + magnets, iron-ons, sticker sheets and temporary tattoos. The most honorable way to get some stickers is to [contribute to the project](https://pwning.owasp-juice.shop/part3/contribution.html) -by fixing an issue, finding a serious bug or submitting a good idea for -a new challenge! +by fixing an issue, finding a serious bug or submitting a good idea for a new challenge! 
-We're also happy to supply you with stickers if you organize a meetup or -conference talk where you use or talk about or hack the OWASP Juice -Shop! Just +We're also happy to supply you with stickers if you organize a meetup or conference talk where you use or talk about or +hack the OWASP Juice Shop! Just [contact the mailing list](mailto:owasp_juice_shop_project@lists.owasp.org) -or [the project leader](mailto:bjoern.kimminich@owasp.org) to discuss -your plans! +or [the project leader](mailto:bjoern.kimminich@owasp.org) to discuss your plans! ## Donations [![](https://img.shields.io/badge/support-owasp%20juice%20shop-blue)](https://owasp.org/donate/?reponame=www-project-juice-shop&title=OWASP+Juice+Shop) -The OWASP Foundation gratefully accepts donations via Stripe. Projects -such as Juice Shop can then request reimbursement for expenses from the -Foundation. If you'd like to express your support of the Juice Shop -project, please make sure to tick the "Publicly list me as a supporter -of OWASP Juice Shop" checkbox on the donation form. You can find our -more about donations and how they are used here: +The OWASP Foundation gratefully accepts donations via Stripe. Projects such as Juice Shop can then request reimbursement +for expenses from the Foundation. If you'd like to express your support of the Juice Shop project, please make sure to +tick the "Publicly list me as a supporter of OWASP Juice Shop" checkbox on the donation form. You can find our more +about donations and how they are used here: 
@@ -346,8 +313,8 @@ For a list of all contributors to the OWASP Juice Shop please visit our [![license](https://img.shields.io/github/license/bkimminich/juice-shop.svg)](LICENSE) -This program is free software: you can redistribute it and/or modify it -under the terms of the [MIT license](LICENSE). OWASP Juice Shop and any -contributions are Copyright © by Bjoern Kimminich & the OWASP Juice Shop contributors 2014-2021. +This program is free software: you can redistribute it and/or modify it under the terms of the [MIT license](LICENSE). +OWASP Juice Shop and any contributions are Copyright © by Bjoern Kimminich & the OWASP Juice Shop contributors +2014-2021. ![Juice Shop Logo](https://raw.githubusercontent.com/bkimminich/juice-shop/master/frontend/src/assets/public/images/JuiceShop_Logo_400px.png) diff --git a/REFERENCES.md b/REFERENCES.md index 9e4aa7665c9..19e12167d6b 100644 --- a/REFERENCES.md +++ b/REFERENCES.md @@ -1,9 +1,8 @@ # References [![Mentioned in Awesome AppSec](https://awesome.re/mentioned-badge.svg)](https://github.com/paragonie/awesome-appsec) -Did you write a blog post, magazine article or do a podcast about or -mentioning OWASP Juice Shop? Add it to this file and open a PR! The same -goes for conference or meetup talks, workshops or trainings you did -where this project was mentioned or used! +Did you write a blog post, magazine article or do a podcast about or mentioning OWASP Juice Shop? Add it to this file +and open a PR! The same goes for conference or meetup talks, workshops or trainings you did where this project was +mentioned or used! > :bulb: indicates resources that contain _hints for solving challenges_ > of the OWASP Juice Shop. These are supposed to be helpful whenever you 
@@ -25,11 +24,12 @@ where this project was mentioned or used! ### Pod- & Webcasts -* [OWASP Spotlight - Project 20 - OWASP Security Pin](https://www.youtube.com/watch?v=GnSddCV4UwM) by Vandana Verma with Timo Pagel :mega: +* [OWASP Spotlight - Project 20 - OWASP Security Pin](https://www.youtube.com/watch?v=GnSddCV4UwM) by Vandana Verma with + Timo Pagel :mega: * [People | Process | Technology Podcast](https://soundcloud.com/owasp-podcast/) (fka "OWASP 24/7 Podcast"): - * [OWASP Flagship Projects - Episode 02](https://soundcloud.com/owasp-podcast/owasp-flagship-projects-episode-02) - * [Less than 10 Minutes Series: The Juice Shop Project](https://soundcloud.com/owasp-podcast/less-than-10-minutes-series-the-juice-shop-project) + * [OWASP Flagship Projects - Episode 02](https://soundcloud.com/owasp-podcast/owasp-flagship-projects-episode-02) + * [Less than 10 Minutes Series: The Juice Shop Project](https://soundcloud.com/owasp-podcast/less-than-10-minutes-series-the-juice-shop-project) * [Learn Web App Security Penetration Testing with Juice Shop \[Free\]](https://youtu.be/ShUTDUYEMWA) by [Gerald Auger - Simply Cyber](https://www.YouTube.com/channel/UCG-48Ki-b6W_siaUkukJOSw) 
@@ -37,74 +37,73 @@ where this project was mentioned or used! with [Eddie Jaoude](https://www.YouTube.com/channel/UC5mnBodB73bR88fLXHSfzYA) :mega: -* [ZAP in Ten](https://www.alldaydevops.com/zap-in-ten) with Simon - Bennetts - * [ZAP in Ten: ADDO Workshop Section 1 - Introduction](https://play.vidyard.com/BAmiaxyzS3g2BCgX2vbVvV) - :mega: - * [ZAP in Ten: ADDO Workshop Section 3 - Packaged Scans](https://play.vidyard.com/iT5C1onahsh3YhQi5SRnLL) - :mega: - * [ZAP in Ten: ADDO Workshop Section 4 - Intro to Authentication](https://play.vidyard.com/zwWm4qMRc8wD2KAgozvC5t) - :mega: - * [ZAP in Ten: ADDO Workshop Section 6 - Standard Auth with JuiceShop](https://play.vidyard.com/igf3A8UdZ6QAGiFjEpLH86) - * [ZAP in Ten: ADDO Workshop Section 8 - JuiceShop SSO Authentication](https://play.vidyard.com/TMcBcuhyPt57sUqPcJUtpv) +* [ZAP in Ten](https://www.alldaydevops.com/zap-in-ten) with Simon Bennetts + * [ZAP in Ten: ADDO Workshop Section 1 - Introduction](https://play.vidyard.com/BAmiaxyzS3g2BCgX2vbVvV) + :mega: + * [ZAP in Ten: ADDO Workshop Section 3 - Packaged Scans](https://play.vidyard.com/iT5C1onahsh3YhQi5SRnLL) + :mega: + * [ZAP in Ten: ADDO Workshop Section 4 - Intro to Authentication](https://play.vidyard.com/zwWm4qMRc8wD2KAgozvC5t) + :mega: + * [ZAP in Ten: ADDO Workshop Section 6 - Standard Auth with JuiceShop](https://play.vidyard.com/igf3A8UdZ6QAGiFjEpLH86) + * [ZAP in Ten: ADDO Workshop Section 8 - JuiceShop SSO Authentication](https://play.vidyard.com/TMcBcuhyPt57sUqPcJUtpv) * 15min video tutorial by [Nick Malcolm](https://www.YouTube.com/channel/UCgU77NClL2pLS92viQro6yA): [OWASP Juice Shop 101](https://youtu.be/8ZYoe0xu6QY) :godmode: * [Application Security Podcast](https://securityjourney.com/application-security-podcast): - * Episode 7.2: - [Jannik Hollenbach — Multijuicer: JuiceShop with a side of Kubernetes](https://podcast.securityjourney.com/jannik-hollenbach-multijuicer-juiceshop-with-a-side-of-kubernetes/) - ([YouTube](https://youtu.be/3M6EMDKIAYs)) 
- * Episode 5.21: - [Season 5 Finale — A cross section of #AppSec (S05E21)](https://podcast.securityjourney.com/season-5-finale-a-cross-section-of-appsec/) - (contains - [5 minute AppSec: Björn Kimminich — JuiceShop](https://www.securityjourney.com/blog/bjorn-kimminich-juiceship-5-minute-appsec/) - entirely) - * Episode 5.20: - [Ronnie Flathers - Security programs big and small](https://podcast.securityjourney.com/ronnie-flathers-security-programs-big-and-small/) - :mega: - * Episode 5.9: - [The new JuiceShop, GSOC, and Open Security Summit](https://securityjourney.com/blog/bjorn-kimminich-the-new-juiceshop-gsoc-and-open-security-summit/) - * 5 minute AppSec: - [Björn Kimminich — JuiceShop](https://www.securityjourney.com/blog/bjorn-kimminich-juiceship-5-minute-appsec/) - * Episode 4.27: - [Season 4 Finale (S04E27)](https://www.securityjourney.com/blog/season-4-finale-s04e27/) - (snippet from - [4.17](https://securityjourney.com/blog/the-joy-of-the-vulnerable-web-juiceshops04e17/)) - * Episode 4.20: - [Security Culture Hacking: Disrupting the Security Status Quo (S04E20)](https://www.securityjourney.com/blog/security-culture-hacking-disrupting-the-security-status-quo-s04e20/) - :mega: - * Episode 4.17: - [The Joy of the Vulnerable Web: JuiceShop (S04E17)](https://securityjourney.com/blog/the-joy-of-the-vulnerable-web-juiceshops04e17/) + * Episode 7.2: + [Jannik Hollenbach — Multijuicer: JuiceShop with a side of Kubernetes](https://podcast.securityjourney.com/jannik-hollenbach-multijuicer-juiceshop-with-a-side-of-kubernetes/) + ([YouTube](https://youtu.be/3M6EMDKIAYs)) + * Episode 5.21: + [Season 5 Finale — A cross section of #AppSec (S05E21)](https://podcast.securityjourney.com/season-5-finale-a-cross-section-of-appsec/) + (contains + [5 minute AppSec: Björn Kimminich — JuiceShop](https://www.securityjourney.com/blog/bjorn-kimminich-juiceship-5-minute-appsec/) + entirely) + * Episode 5.20: + [Ronnie Flathers - Security programs big and 
small](https://podcast.securityjourney.com/ronnie-flathers-security-programs-big-and-small/) + :mega: + * Episode 5.9: + [The new JuiceShop, GSOC, and Open Security Summit](https://securityjourney.com/blog/bjorn-kimminich-the-new-juiceshop-gsoc-and-open-security-summit/) + * 5 minute AppSec: + [Björn Kimminich — JuiceShop](https://www.securityjourney.com/blog/bjorn-kimminich-juiceship-5-minute-appsec/) + * Episode 4.27: + [Season 4 Finale (S04E27)](https://www.securityjourney.com/blog/season-4-finale-s04e27/) + (snippet from + [4.17](https://securityjourney.com/blog/the-joy-of-the-vulnerable-web-juiceshops04e17/)) + * Episode 4.20: + [Security Culture Hacking: Disrupting the Security Status Quo (S04E20)](https://www.securityjourney.com/blog/security-culture-hacking-disrupting-the-security-status-quo-s04e20/) + :mega: + * Episode 4.17: + [The Joy of the Vulnerable Web: JuiceShop (S04E17)](https://securityjourney.com/blog/the-joy-of-the-vulnerable-web-juiceshops04e17/) * Webcast recording on [7 Minute Security](https://7ms.us): [DIY $500 Pentest Lab - Part 1](https://www.YouTube.com/watch?v=7qnaR6ZmJzA) :mega: * Recorded live streams from the [Twitch](https://aka.ms/DevSlopTwitch)/[Mixer](https://aka.ms/DevSlop-Mixer) [OWASP DevSlop](https://devslop.co/) Show: - * [OWASP DevSlop E12 - Juice Shop with Björn Kimminich](https://www.twitch.tv/videos/337620852) - ([YouTube](https://youtu.be/KEYWRtGNDEc)) :godmode: + * [OWASP DevSlop E12 - Juice Shop with Björn Kimminich](https://www.twitch.tv/videos/337620852) + ([YouTube](https://youtu.be/KEYWRtGNDEc)) :godmode: * Webcast recording on [Signal Sciences](https://vimeo.com/signalsciences): [Secure Development Lessons from Purposely Insecure Applications](https://vimeo.com/241965102/40f6b1778b) * [7 Minute Security](https://7ms.us) Podcast: - * Episode #403: - [7MOOMAMA - Juice Shop Song + Backdoors and Breaches Jingle](https://7ms.us/7ms-403-7moomama-juice-shop-song-backdoors-and-breaches-jingle/) - * Episode #318: - 
[Interview with Bjorn Kimminich of OWASP Juice Shop](https://7ms.us/7ms-318-interview-with-bjorn-kimminich-of-owasp-juice-shop/) - * Shout outs in various episodes: - [#347](https://7ms.us/7ms-347-happy-5th-birthday-to-7ms/), - [#342](https://7ms.us/7ms-342-interview-with-matt-mccullough/), - [#310](https://7ms.us/7ms-310/), - [#309](https://7ms.us/7ms-309-password-cracking-in-the-cloud-part-2/), - [#306](https://7ms.us/7ms-306-a-peek-into-the-7ms-mail-bag-part-2/) - and [#282](https://7ms.us/7ms-282-a-peek-into-the-7ms-mail-bag/) - :mega: + * Episode #403: + [7MOOMAMA - Juice Shop Song + Backdoors and Breaches Jingle](https://7ms.us/7ms-403-7moomama-juice-shop-song-backdoors-and-breaches-jingle/) + * Episode #318: + [Interview with Bjorn Kimminich of OWASP Juice Shop](https://7ms.us/7ms-318-interview-with-bjorn-kimminich-of-owasp-juice-shop/) + * Shout outs in various episodes: + [#347](https://7ms.us/7ms-347-happy-5th-birthday-to-7ms/), + [#342](https://7ms.us/7ms-342-interview-with-matt-mccullough/), + [#310](https://7ms.us/7ms-310/), + [#309](https://7ms.us/7ms-309-password-cracking-in-the-cloud-part-2/), + [#306](https://7ms.us/7ms-306-a-peek-into-the-7ms-mail-bag-part-2/) + and [#282](https://7ms.us/7ms-282-a-peek-into-the-7ms-mail-bag/) + :mega: * Video tutorial about automating web application security scans with [OWASP ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) using Juice Shop as the tested app: [All you need is Zaproxy - Security Testing for WebApps Made Easy](https://www.YouTube.com/watch?v=AQX84p9NhqY) - * [Example integration as a Docker Compose script](https://github.com/Soluto/webdriverio-zap-proxy) - * [Scan results of the example integration](https://jsfiddle.net/62aedL6n/) + * [Example integration as a Docker Compose script](https://github.com/Soluto/webdriverio-zap-proxy) + * [Scan results of the example integration](https://jsfiddle.net/62aedL6n/) ### Blogs & Articles 
@@ -138,17 +137,17 @@ where this project was mentioned or used! :godmode: * Blog posts on [DevelopSec - Developing Better Security](https://www.developsec.com/): - * [Installing OWASP JuiceShop with Docker](https://www.developsec.com/2018/05/10/installing-owasp-juiceshop-with-docker/) - ([YouTube](https://www.YouTube.com/watch?v=ftS8I7WeKtw)) - * [Installing OWASP JuiceShop with Heroku](https://www.developsec.com/2018/05/15/installing-owasp-juiceshop-with-heroku/) - ([YouTube](https://www.YouTube.com/watch?v=umrLbJkJRN0)) - * [Burp Extension – Juice Shop Routes](https://www.developsec.com/2018/05/18/burp-extension-juice-shop-routes/) - ([YouTube](https://www.YouTube.com/watch?v=o628SfvwHp0)) :godmode: + * [Installing OWASP JuiceShop with Docker](https://www.developsec.com/2018/05/10/installing-owasp-juiceshop-with-docker/) + ([YouTube](https://www.YouTube.com/watch?v=ftS8I7WeKtw)) + * [Installing OWASP JuiceShop with Heroku](https://www.developsec.com/2018/05/15/installing-owasp-juiceshop-with-heroku/) + ([YouTube](https://www.YouTube.com/watch?v=umrLbJkJRN0)) + * [Burp Extension – Juice Shop Routes](https://www.developsec.com/2018/05/18/burp-extension-juice-shop-routes/) + ([YouTube](https://www.YouTube.com/watch?v=o628SfvwHp0)) :godmode: * Blog posts on [Jason Haley - Ramblings from an Independent Consultant](http://www.jasonhaley.com/): - * [How to Setup OWASP Juice Shop on Azure (Part 1 of 3)](http://www.jasonhaley.com/post/How-to-Setup-OWASP-Juice-Shop-on-Azure-%28Part-1-of-3%29) - * [Setup OWASP Juice Shop in Web App for Containers (Part 2 of 3)](http://www.jasonhaley.com/post/Setup-OWASP-Juice-Shop-in-Web-App-for-Containers-%28Part-2-of-3%29) - * [Setup OWASP Juice Shop in Azure Container Instances (Part 3 of 3)](http://www.jasonhaley.com/post/Setup-OWASP-Juice-Shop-in-Azure-Container-Instances-%28Part-3-of-3%29) + * [How to Setup OWASP Juice Shop on Azure (Part 1 of 3)](http://www.jasonhaley.com/post/How-to-Setup-OWASP-Juice-Shop-on-Azure-%28Part-1-of-3%29) 
+ * [Setup OWASP Juice Shop in Web App for Containers (Part 2 of 3)](http://www.jasonhaley.com/post/Setup-OWASP-Juice-Shop-in-Web-App-for-Containers-%28Part-2-of-3%29) + * [Setup OWASP Juice Shop in Azure Container Instances (Part 3 of 3)](http://www.jasonhaley.com/post/Setup-OWASP-Juice-Shop-in-Azure-Container-Instances-%28Part-3-of-3%29) * Blog post on [Josh Grossman's blog](https://joshcgrossman.com): [Setting up an OWASP Juice Shop CTF](https://joshcgrossman.com/2018/03/15/setting-up-an-owasp-juice-shop-ctf/) * Blog post on [Mozilla Hacks](https://hacks.mozilla.org): @@ -161,8 +160,8 @@ where this project was mentioned or used! [OWASP Juice Shop Vulnerable Webapp](https://stuartwintertear.net/owasp-juice-shop-vulnerable-webapp) ([Peerlyst cross-post](https://www.peerlyst.com/posts/owasp-juice-shop-vulnerable-webapp-stuart-winter-tear)) * Blog posts on [OWASP Summit 2017](https://owaspsummit.org): - * [Juice Shop v4.0.0 Live Release](https://owaspsummit.org/2017/06/15/Juice-Shop-Live-Release-v4.html) - * [Juice Shop's call to pre-summit action](https://owaspsummit.org/2017/05/27/Juice-Shops-call-to-pre-summit-action.html) + * [Juice Shop v4.0.0 Live Release](https://owaspsummit.org/2017/06/15/Juice-Shop-Live-Release-v4.html) + * [Juice Shop's call to pre-summit action](https://owaspsummit.org/2017/05/27/Juice-Shops-call-to-pre-summit-action.html) * Vulnerable website collection on [Bonkers About Tech](https://www.bonkersabouttech.com): [40+ Intentionally Vulnerable Websites To (Legally) Practice Your Hacking Skills](https://www.bonkersabouttech.com/security/40-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392) 
@@ -206,27 +205,27 @@ where this project was mentioned or used! * [Juice Shop Track](https://open-security-summit-2020.heysummit.com/topics/owasp-juiceshop/) at [Open Security Summit 2020](https://open-security-summit.org/) - * [OWASP Juice Shop Cocktail Party: Ask us anything!](https://open-security-summit-2020.heysummit.com/talks/owasp-juice-shop-cocktail-party-ask-us-anything/) - with Björn Kimminich, Jannik Hollenbach & Timo Pagel 15.06.2020 - ([YouTube](https://youtu.be/h5ApBfFMmao)) - * [OWASP Juice Shop Deep Dive: MultiJuicer](https://open-security-summit-2020.heysummit.com/talks/owasp-juice-shop-deep-dive-multijuicer/) - with Jannik Hollenbach & Robert Seedorf, 15.06.2020 - ([YouTube](https://youtu.be/1YHjkc3Xzd0)) - * [OWASP Juice Shop Deep Dive: Integration](https://open-security-summit-2020.heysummit.com/talks/owasp-juice-shop-deep-dive-integration/) - with Björn Kimminich, 15.06.2020 - ([YouTube](https://youtu.be/9SkUohiKgtU)) - * [OWASP Juice Shop Deep Dive: Theming](https://open-security-summit-2020.heysummit.com/talks/owasp-juice-shop-deep-dive-theming-1/) - with Björn Kimminich, 15.06.2020 - ([YouTube](https://youtu.be/WtY712DdlR8)) - * [OWASP Juice Shop Introduction](https://pre-summit-training-sessions.heysummit.com/talks/owasp-juice-shop-introduction/) - with Björn Kimminich, 11.06.2020 - ([YouTube](https://youtu.be/wCF08BdXdDg)) - * [MultiJuicer Introduction](https://pre-summit-training-sessions.heysummit.com/talks/multijuicer-introduction/) - with Jannik Hollenbach and Robert Seedorf, 02.06.2020 - ([YouTube](https://youtu.be/6NMjZbfnTOU)) - * [OWASP Juice Shop Introduction](https://pre-summit-training-sessions.heysummit.com/talks/owasp-juice-shop/) - with Björn Kimminich, 02.06.2020 - ([YouTube](https://youtu.be/Ry0mXz6ZPXc)) + * [OWASP Juice Shop Cocktail Party: Ask us anything!](https://open-security-summit-2020.heysummit.com/talks/owasp-juice-shop-cocktail-party-ask-us-anything/) + with Björn Kimminich, Jannik Hollenbach & Timo Pagel 
15.06.2020 + ([YouTube](https://youtu.be/h5ApBfFMmao)) + * [OWASP Juice Shop Deep Dive: MultiJuicer](https://open-security-summit-2020.heysummit.com/talks/owasp-juice-shop-deep-dive-multijuicer/) + with Jannik Hollenbach & Robert Seedorf, 15.06.2020 + ([YouTube](https://youtu.be/1YHjkc3Xzd0)) + * [OWASP Juice Shop Deep Dive: Integration](https://open-security-summit-2020.heysummit.com/talks/owasp-juice-shop-deep-dive-integration/) + with Björn Kimminich, 15.06.2020 + ([YouTube](https://youtu.be/9SkUohiKgtU)) + * [OWASP Juice Shop Deep Dive: Theming](https://open-security-summit-2020.heysummit.com/talks/owasp-juice-shop-deep-dive-theming-1/) + with Björn Kimminich, 15.06.2020 + ([YouTube](https://youtu.be/WtY712DdlR8)) + * [OWASP Juice Shop Introduction](https://pre-summit-training-sessions.heysummit.com/talks/owasp-juice-shop-introduction/) + with Björn Kimminich, 11.06.2020 + ([YouTube](https://youtu.be/wCF08BdXdDg)) + * [MultiJuicer Introduction](https://pre-summit-training-sessions.heysummit.com/talks/multijuicer-introduction/) + with Jannik Hollenbach and Robert Seedorf, 02.06.2020 + ([YouTube](https://youtu.be/6NMjZbfnTOU)) + * [OWASP Juice Shop Introduction](https://pre-summit-training-sessions.heysummit.com/talks/owasp-juice-shop/) + with Björn Kimminich, 02.06.2020 + ([YouTube](https://youtu.be/Ry0mXz6ZPXc)) * [Drinks with Adversaries: Creating Adversary Trading Cards](https://pre-summit-training-sessions.heysummit.com/talks/social-drinks-and-adversaries) with Mark Miller at [Open Security Summit 2020](https://open-security-summit.org/), 
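Review bot: in the `@@ -206,27 +205,27 @@` hunk the reflowed Cocktail Party entry still runs the names straight into the date ("with Björn Kimminich, Jannik Hollenbach & Timo Pagel 15.06.2020"), while every other entry in this hunk separates them with a comma ("with Björn Kimminich, 15.06.2020"); add the comma before "15.06.2020" for consistency.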
@@ -234,70 +233,62 @@ where this project was mentioned or used! :mega: * Selected Project at [OWASP Projects Summit - Winter 2020](https://owasp.org/www-staff/projects/202002-Projects-Summit-Q1.html) - with Björn Kimminich, Jannik Hollenbach and Marc Rüttler collaborating - on + with Björn Kimminich, Jannik Hollenbach and Marc Rüttler collaborating on [prepared working packages](https://github.com/juice-shop/juice-shop/milestone/10) and - [the `v10.0.0` release](https://owasp.org/2020/03/17/juice-shop-v10.html), - 27.-29.02.2020 + [the `v10.0.0` release](https://owasp.org/2020/03/17/juice-shop-v10.html), 27.-29.02.2020 * [OWASP Juice Shop track](https://github.com/OpenSecuritySummit/oss2019/tree/master/content/tracks/OWASP-Juice-Shop) and related working sessions organized by Björn Kimminich, - [Open Security Summit 2019](https://github.com/OpenSecuritySummit/oss2019), - 03.-07.06.2019 -* Juice Shop related working sessions organized by Jannik Hollenbach and - Timo Pagel in + [Open Security Summit 2019](https://github.com/OpenSecuritySummit/oss2019), 03.-07.06.2019 +* Juice Shop related working sessions organized by Jannik Hollenbach and Timo Pagel in [OWASP Projects track](https://github.com/OpenSecuritySummit/oss2018/tree/master/content/tracks/OWASP-Projects), - [Open Security Summit 2018](https://github.com/OpenSecuritySummit/oss2018), - 04.-08.06.2018 + [Open Security Summit 2018](https://github.com/OpenSecuritySummit/oss2018), 04.-08.06.2018 * [Outcome of the Juice Shop track](https://github.com/OWASP/owasp-summit-2017/blob/master/Outcomes/Juice-Shop/Juce-Shop-Update.md) - and related working sessions organized by Björn Kimminich and Timo - Pagel, - [OWASP Summit 2017](https://github.com/OWASP/owasp-summit-2017), - 12.-16.06.2017 + and related working sessions organized by Björn Kimminich and Timo Pagel, + [OWASP Summit 2017](https://github.com/OWASP/owasp-summit-2017), 12.-16.06.2017 ### [Google Summer of Code](http://owasp.org/gsoc) * Student project from 
[Google Summer of Code 2021](https://summerofcode.withgoogle.com/archive/2021/projects) - * [Extending the features of the vulnerable code snippets](https://summerofcode.withgoogle.com/archive/2021/projects/5180407718346752P) - by Ayas Behera (mentored by Jannik Hollenbach and Björn Kimminich) + * [Extending the features of the vulnerable code snippets](https://summerofcode.withgoogle.com/archive/2021/projects/5180407718346752P) + by Ayas Behera (mentored by Jannik Hollenbach and Björn Kimminich) * Student project from [Google Summer of Code 2020](https://summerofcode.withgoogle.com/archive/2020/projects) - * [Juice-Shop ChatBot and general fixes](https://summerofcode.withgoogle.com/archive/2020/projects/5660020047347712/) - by Mohit Sharma (mentored by Jannik Hollenbach, Björn Kimminich and - Timo Pagel) + * [Juice-Shop ChatBot and general fixes](https://summerofcode.withgoogle.com/archive/2020/projects/5660020047347712/) + by Mohit Sharma (mentored by Jannik Hollenbach, Björn Kimminich and Timo Pagel) * Student project from [Google Summer of Code 2019](https://summerofcode.withgoogle.com/archive/2019/projects) - * [OWASP Juice Shop: Feature Pack 2019](https://summerofcode.withgoogle.com/archive/2019/projects/6526397403627520/) - by Arpit Agrawal (mentored by Jannik Hollenbach, Björn Kimminich and - Shoeb Patel) + * [OWASP Juice Shop: Feature Pack 2019](https://summerofcode.withgoogle.com/archive/2019/projects/6526397403627520/) + by Arpit Agrawal (mentored by Jannik Hollenbach, Björn Kimminich and Shoeb Patel) * Student projects from [Google Summer of Code 2018](https://summerofcode.withgoogle.com/archive/2018/projects) - * [OWASP Juice Shop : Challenge Pack 2018](https://summerofcode.withgoogle.com/archive/2018/projects/6267528737193984) - by Shoeb Patel (mentored by Jannik Hollenbach and Timo Pagel) - * [OWASP Juice Shop : Frontend Technology Update](https://summerofcode.withgoogle.com/archive/2018/projects/6636660909408256) - by Aashish Singh (mentored by 
Björn Kimminich) + * [OWASP Juice Shop : Challenge Pack 2018](https://summerofcode.withgoogle.com/archive/2018/projects/6267528737193984) + by Shoeb Patel (mentored by Jannik Hollenbach and Timo Pagel) + * [OWASP Juice Shop : Frontend Technology Update](https://summerofcode.withgoogle.com/archive/2018/projects/6636660909408256) + by Aashish Singh (mentored by Björn Kimminich) ## Conference and Meetup Appearances #### 2021 -* [OWASP Juice Shop Flagship Project](https://owasp20thanniversaryevent20.sched.com/event/m1uL/owasp-juice-shop-flagship-project) by Björn Kimminich, [OWASP 20th Anniversary Event](https://20thanniversary.owasp.org/), 24.09.2021 ([YouTube]() :godmode:) +* [OWASP Juice Shop Flagship Project](https://owasp20thanniversaryevent20.sched.com/event/m1uL/owasp-juice-shop-flagship-project) + by Björn Kimminich, [OWASP 20th Anniversary Event](https://20thanniversary.owasp.org/), 24.09.2021 ([YouTube]() : + godmode:) * [SDLC con OWASP y laboratorio con OWASP Juice Shop](https://www.meetup.com/de-DE/OWASP-Uruguay-Chapter/events/279827017/) (:uruguay:) with Martín Marsicano and Pablo Alzuri, [OWASP Uruguay Chapter](https://owasp.org/www-chapter-uruguay/), 19.08.2021 [YouTube](https://youtu.be/OAE1EnBNMlc?t=2722) :godmode: -* [Talking Juice Shop and Maintaining a Flagship OWASP Project with Björn Kimminich](https://www.meetup.com/OWASP-Northern-Virginia-Chapter/events/278751084/), +* [Talking Juice Shop and Maintaining a Flagship OWASP Project with Björn Kimminich](https://www.meetup.com/OWASP-Northern-Virginia-Chapter/events/278751084/) + , [OWASP Northern Virginia Chapter](https://owasp.org/www-chapter-northern-virginia/), 07.07.2021 ([YouTube](https://youtu.be/uejiQ9VvFu4)) * [OWASP Aarhus Chapter Worskhop and CTF](https://www.meetup.com/de-DE/OWASP-Aarhus-Chapter/events/277659233/) with Björn Kimminich, - [OWASP Aarhus Chapter](https://owasp.org/www-chapter-aarhus/), - 06.05.2021 + [OWASP Aarhus Chapter](https://owasp.org/www-chapter-aarhus/), 06.05.2021 * 
[Modern Web Application Hacking for Beginners](https://github.com/bkimminich/it-security-lecture/tree/workshop), virtual 4h diversity training by Björn Kimminich, - [OWASP Training Events 2021 - 2020 SOS Re-run](https://github.com/OWASP/www-event-2021-training), - 26.01.2021 + [OWASP Training Events 2021 - 2020 SOS Re-run](https://github.com/OWASP/www-event-2021-training), 26.01.2021 #### 2020 @@ -310,12 +301,10 @@ where this project was mentioned or used! 24.11.2020 ([YouTube](https://youtu.be/AUhDItHHLiY)) * [Modern Web Application Hacking for Beginners](https://github.com/bkimminich/it-security-lecture/tree/workshop), virtual 4h diversity training by Björn Kimminich, - [AppSec Days - Summer of Security 2020](https://github.com/OWASP/www-event-2020-08-virtual), - 25.08.2020 + [AppSec Days - Summer of Security 2020](https://github.com/OWASP/www-event-2020-08-virtual), 25.08.2020 * [OWASP Projects Panel](https://www.meetup.com/de-DE/womeninappsec/events/271754765/) - hosted by [OWASP WIA](https://www.meetup.com/womeninappsec/) moderated - by Zoe Braiterman with panelists Bjoern Kimminich, Glenn & Riccardo - ten Cate and Spyros Gasteratos, 25.07.2020 + hosted by [OWASP WIA](https://www.meetup.com/womeninappsec/) moderated by Zoe Braiterman with panelists Bjoern + Kimminich, Glenn & Riccardo ten Cate and Spyros Gasteratos, 25.07.2020 ([YouTube](https://youtu.be/d96-HCrSh2M)) * [OWASP ZAP Intro (Online)](https://www.meetup.com/de-DE/OWASP-Hamburg-Stammtisch/events/270078609/) by Simon Bennetts, @@ -323,8 +312,7 @@ where this project was mentioned or used! 23.04.2020 ([YouTube](https://youtu.be/SD28HdVI-Wk)) :mega: * [ZAP in Ten, Extended Edition: Automation Deepdive](https://www.alldaydevops.com/addo-speakers/simom-bennetts) by Simon Bennetts, - [All Day DevOps Spring Break Edition](https://www.alldaydevops.com/), - 17.04.2020 :bulb: + [All Day DevOps Spring Break Edition](https://www.alldaydevops.com/), 17.04.2020 :bulb: #### 2019 
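Review bot: the hard wrap in the 2021 section of the `@@ -234,70 +233,62 @@` hunk breaks two inline tokens and changes rendering. In the OWASP 20th Anniversary entry the `:godmode:` shortcode is split across lines ("([YouTube]() :" followed by "godmode:)"), so the emoji will no longer render and a stray colon appears instead; the empty `[YouTube]()` link beside it was already broken before this change and should be filled in or dropped rather than reflowed. In the Northern Virginia entry the comma was pushed onto its own line ("+ ,"), which renders as a space before the comma. Keep `:godmode:` and the trailing comma on the same line as the text they belong to, and while here the unchanged context line "OWASP Aarhus Chapter Worskhop and CTF" could get its "Workshop" spelling fixed.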
@@ -335,17 +323,15 @@ where this project was mentioned or used! :bulb:) * [S' OWASP Saft-Lädeli / The OWASP Juice Shop](https://www.meetup.com/de-DE/OWASPSwitzerland/events/264422942/) by Björn Kimminich, - [OWASP Switzerland Chapter Meeting](https://www.meetup.com/de-DE/OWASPSwitzerland/), - 18.11.2019 + [OWASP Switzerland Chapter Meeting](https://www.meetup.com/de-DE/OWASPSwitzerland/), 18.11.2019 * [OWASP Juice Shop: The ultimate All Vuln WebApp](https://www.alldaydevops.com/addo-speakers/bj%C3%B6rn-kimminich) - by Björn Kimminich, [All Day DevOps](https://www.alldaydevops.com/), - 06.11.2019 + by Björn Kimminich, [All Day DevOps](https://www.alldaydevops.com/), 06.11.2019 ([YouTube](https://www.YouTube.com/watch?v=-JuPprlGb48&t=13939s) :bulb:) * [Juice Shop](https://globalappsecamsterdam2019.sched.com/event/U84e/juice-shop) by Björn Kimminich, Project Showcase track of the - [Global AppSec Amsterdam 2019](https://ams.globalappsec.org/), - 26.09.2019 ([YouTube](https://youtu.be/XXkMY_VyJ-Y) :bulb:) + [Global AppSec Amsterdam 2019](https://ams.globalappsec.org/), 26.09.2019 ([YouTube](https://youtu.be/XXkMY_VyJ-Y) : + bulb:) * [Elbsides vs. Juice Shop](https://2019.elbsides.de/programme.html#elbsides-vs-juice-shop) workshop with Björn Kimminich, [Elbsides 2019](https://2019.elbsides.de), 16.09.2019 
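Review bot: in the `@@ -335,17 +323,15 @@` hunk the Global AppSec Amsterdam 2019 entry wraps inside the emoji shortcode: "([YouTube](https://youtu.be/XXkMY_VyJ-Y) :" on one line and "bulb:)" on the next leaves `:bulb:` unrenderable. Move the line break before "([YouTube]" instead so the token stays intact.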
@@ -358,8 +344,7 @@ where this project was mentioned or used! [enterJS 2019](https://www.enterjs.de/2019/), 25.06.2019 * [Web Application Hacking with Burp Suite and OWASP ZAP](https://globalappsectelaviv2019.sched.com/event/MLSU/web-application-hacking-with-burp-suite-and-owasp-zap) training with Vandana Verma, - [Global Appsec Tel Aviv 2019](https://globalappsectelaviv2019.sched.com), - 28.05.2019 + [Global Appsec Tel Aviv 2019](https://globalappsectelaviv2019.sched.com), 28.05.2019 * [A good first impression can work wonders: creating AppSec training that developers <3](https://locomocosec2019.sched.com/event/MGNM/a-good-first-impression-can-work-wonders-creating-appsec-training-that-developers-v) by Leif Dreizler, [LocoMocoSec 2019](https://locomocosec2019.sched.com/), 18.04.2019 @@ -367,16 +352,14 @@ where this project was mentioned or used! workshop with Björn Kimminich, [Pixels Camp v3.0](https://pixels.camp), 21.03.2019 * [OWASP Juice Shop - First you :-D :-D then you :,-(](https://github.com/PixelsCamp/talks/blob/master/2019/owasp-juice-shop_bjoern-kimminich.md) - by Björn Kimminich, [Pixels Camp v3.0](https://pixels.camp), - 21.03.2019 ([YouTube](https://youtu.be/v9qrAK_iBa0) :bulb:) + by Björn Kimminich, [Pixels Camp v3.0](https://pixels.camp), 21.03.2019 ([YouTube](https://youtu.be/v9qrAK_iBa0) : + bulb:) * [News from the fruit press: Juice Shop 8](https://www.meetup.com/de-DE/OWASP-Hamburg-Stammtisch/events/258185324/) by Björn Kimminich, - [39. OWASP Stammtisch Hamburg](https://www.meetup.com/de-DE/OWASP-Hamburg-Stammtisch), - 27.02.2019 + [39. OWASP Stammtisch Hamburg](https://www.meetup.com/de-DE/OWASP-Hamburg-Stammtisch), 27.02.2019 * [Back to Basics: Hacking OWASP JuiceShop](https://www.owasp.org/index.php/Knoxville#Past_Meetings) by Jeremy Kelso, - [OWASP Knoxville Chapter Meeting](https://www.owasp.org/index.php/Knoxville), - 24.01.2019 + [OWASP Knoxville Chapter Meeting](https://www.owasp.org/index.php/Knoxville), 24.01.2019 #### 2018 
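Review bot: in the `@@ -367,16 +352,14 @@` hunk the Pixels Camp v3.0 talk entry has the same wrap-inside-a-token problem: "21.03.2019 ([YouTube](https://youtu.be/v9qrAK_iBa0) :" followed by "bulb:)" splits `:bulb:` across lines, so the hint marker will render as a literal colon. Break the line before the parenthesised YouTube link rather than inside the shortcode.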
@@ -397,12 +380,10 @@ where this project was mentioned or used! 20.11.2018 ([YouTube](https://youtu.be/2oNfZo2H4uA)) * [Workshop: OWASP Juice Shop](https://owasp.github.io/german-owasp-day/archive/2018/) by Björn Kimminich, - [German OWASP Day 2018](https://owasp.github.io/german-owasp-day/archive/2018/), - 19.11.2018 + [German OWASP Day 2018](https://owasp.github.io/german-owasp-day/archive/2018/), 19.11.2018 * [OWASP Portland Chapter Meeting - OWASP Juice Shop!](http://calagator.org/events/1250474481) facilitated by David Quisenberry, - [OWASP Portland Chapter](https://www.owasp.org/index.php/Portland), - 08.11.2018 + [OWASP Portland Chapter](https://www.owasp.org/index.php/Portland), 08.11.2018 * [OWASP Juice Shop - Public Lecture](https://www.facebook.com/events/674384206291349) by Björn Kimminich, [TalTech Infotehnoloogia Kolledž](https://www.facebook.com/itcollege.ee), 
@@ -410,16 +391,13 @@ where this project was mentioned or used! _starting 14:55_) * [JUGHH: Security Hackathon](https://www.meetup.com/jug-hamburg/events/254885956/) by [iteratec](https://www.iteratec.de/), - [Java User Group Hamburg](https://www.meetup.com/jug-hamburg), - 11.10.2018 + [Java User Group Hamburg](https://www.meetup.com/jug-hamburg), 11.10.2018 * [Playing with OWASP Juice Shop](https://mozilla.or.id/en/space/events/258-playing-with-owasp-juice-shop.html) - by Mohammad Febri R, [Mozilla Indonesia](https://mozilla.or.id/), - 05.08.2018 + by Mohammad Febri R, [Mozilla Indonesia](https://mozilla.or.id/), 05.08.2018 ([Slides](https://slides.com/mohammadfebri/owasp-juice-shop)) * [OWASP Juice Shop どうでしょう](https://speakerdeck.com/ninoseki/owasp-juice-shop-doudesiyou) by Manabu Niseki, - [OWASP Night 2018/7](https://owasp.doorkeeper.jp/events/77466), - 30.07.2018 + [OWASP Night 2018/7](https://owasp.doorkeeper.jp/events/77466), 30.07.2018 * [Usable Security Tooling - Creating Accessible Security Testing with ZAP](https://www.meetup.com/de-DE/Bay-Area-OWASP/events/252283865/) by David Scrobonia, [OWASP Meetup - SF July 2018](https://www.meetup.com/de-DE/Bay-Area-OWASP/), 
@@ -430,39 +408,30 @@ where this project was mentioned or used! :mega: * [OWASP Juice Shop: Betreutes Hacken](https://www.meetup.com/de-DE/owasp-karlsruhe/events/251041169/) with - [OWASP Stammtisch Karlsruhe](https://www.owasp.org/index.php/OWASP_Stammtisch_Karlsruhe), - 04.06.2018 + [OWASP Stammtisch Karlsruhe](https://www.owasp.org/index.php/OWASP_Stammtisch_Karlsruhe), 04.06.2018 * [Hacking Workshop - Twin Cities vs. OWASP Juice Shop](https://secure360.org/secure360-twin-cities/schedule/?conference=9826&date=20180517) with Björn Kimminich, - [Secure360 Twin Cities](https://secure360.org/secure360-twin-cities/), - 17.05.2018 + [Secure360 Twin Cities](https://secure360.org/secure360-twin-cities/), 17.05.2018 * [OWASP Juice Shop - The Ultimate Vulnerable WebApp](https://secure360.org/session/bjorn-kimminich-owasp-juice-shop-the-ultimate-vulnerable-webapp/?conference=9826&date=20180516) by Björn Kimminich, - [Secure360 Twin Cities](https://secure360.org/secure360-twin-cities/), - 16.05.2018 + [Secure360 Twin Cities](https://secure360.org/secure360-twin-cities/), 16.05.2018 * [OWASP MSP Chapter May Meeting](https://www.meetup.com/OWASP-MSP-Meetup/events/249940370/) with Björn Kimminich, - [OWASP MSP Meetup](https://www.meetup.com/OWASP-MSP-Meetup/) St Paul, - 14.05.2018 + [OWASP MSP Meetup](https://www.meetup.com/OWASP-MSP-Meetup/) St Paul, 14.05.2018 * [OWASP Juice Shop - The next chapter ...](https://www.meetup.com/CyberHackathon/events/249606655/?eventId=249606655) with Jaan Janesmae, - [CyberHackathon](https://www.meetup.com/CyberHackathon/) Tallinn, - 30.04.2018 + [CyberHackathon](https://www.meetup.com/CyberHackathon/) Tallinn, 30.04.2018 * OWASP Juice Shop Introduction at [ChaosTreff Tallinn Weekly Meetup](https://www.meetup.com/ChaosTreff-Tallinn/events/249627780/) with Björn Kimminich, - [ChaosTreff Tallinn](https://www.meetup.com/ChaosTreff-Tallinn/), - 26.04.2018 + [ChaosTreff Tallinn](https://www.meetup.com/ChaosTreff-Tallinn/), 26.04.2018 * [OWASP Juice 
Shop Intro and Getting Started](https://www.meetup.com/CyberHackathon/events/249359520/?eventId=249359520) with Jaan Janesmae, - [CyberHackathon](https://www.meetup.com/CyberHackathon/) Tallinn, - 09.04.2018 + [CyberHackathon](https://www.meetup.com/CyberHackathon/) Tallinn, 09.04.2018 * [Web Application Security: A Hands-on Testing Challenge](https://dojo.ministryoftesting.com/events/testbash-brighton-2018) by Dan Billing, - [TestBash Brighton 2018](https://dojo.ministryoftesting.com/events/testbash-brighton-2018), - 15.03.2018 -* [OWASP Top 10](https://appseccalifornia2018.sched.com/event/CuRs) by - Andrew van der Stock, + [TestBash Brighton 2018](https://dojo.ministryoftesting.com/events/testbash-brighton-2018), 15.03.2018 +* [OWASP Top 10](https://appseccalifornia2018.sched.com/event/CuRs) by Andrew van der Stock, [OWASP AppSec California 2018](https://2018.appseccalifornia.org/), 30.01.2018 ([YouTube](https://www.YouTube.com/watch?v=TXAztSpYpvE) :godmode: _starting 25:40_) @@ -471,8 +440,7 @@ where this project was mentioned or used! * [OWASP Juice Shop 5.x and beyond](https://www.owasp.org/index.php/German_OWASP_Day_2017#Programm) by Björn Kimminich, - [German OWASP Day 2017](https://www.owasp.org/index.php/German_OWASP_Day_2017), - 14.11.2017 + [German OWASP Day 2017](https://www.owasp.org/index.php/German_OWASP_Day_2017), 14.11.2017 * [OWASP Juice Shop Introduction](https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2017#tab=Conference_talks) talk and [AppSec Bucharest vs. OWASP Juice Shop](https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2017#tab=Free_workshops) 
@@ -481,63 +449,54 @@ where this project was mentioned or used! 13.10.2017 * [2 Hour Hacking: Juice Shop](https://www.meetup.com/de-DE/OWASP-Los-Angeles/events/238321796/) by Timo Pagel, - [OWASP Los Angeles](https://www.meetup.com/de-DE/OWASP-Los-Angeles/), - 10.10.2017 + [OWASP Los Angeles](https://www.meetup.com/de-DE/OWASP-Los-Angeles/), 10.10.2017 * [Hacking the OWASP Juice Shop](https://www.owasp.org/index.php/North_Sweden#2017-09-19_-_2017q3:_Hacking_the_OWASP_Juice_Shop) with Björn Kimminich, - [OWASP North Sweden Chapter](https://www.owasp.org/index.php/North_Sweden), - 19.09.2017 + [OWASP North Sweden Chapter](https://www.owasp.org/index.php/North_Sweden), 19.09.2017 * [OWASP Juice Shop Workshop](https://www.linkedin.com/feed/update/urn:li:activity:6309257579876929537) with Björn Kimminich, - [OWASP Stockholm Chapter](https://www.owasp.org/index.php/Stockholm), - 18.09.2017 + [OWASP Stockholm Chapter](https://www.owasp.org/index.php/Stockholm), 18.09.2017 * Hacking session at [Angular Talk & Code](https://www.meetup.com/de-DE/Hamburg-AngularJS-Meetup/events/234414398/) with Björn Kimminich, - [Angular Meetup Hamburg](https://www.meetup.com/de-DE/Hamburg-AngularJS-Meetup/), - 13.09.2017 -* Capture The Flag - Security Game by Benjamin Brunzel, Jöran Tesse, - Rüdiger Heins & Sven Strittmatter, + [Angular Meetup Hamburg](https://www.meetup.com/de-DE/Hamburg-AngularJS-Meetup/), 13.09.2017 +* Capture The Flag - Security Game by Benjamin Brunzel, Jöran Tesse, Rüdiger Heins & Sven Strittmatter, [solutions.hamburg](https://solutions.hamburg), 08.09.2017 * OWASP Juice Shop - Einmal quer durch den Security-Saftladen by Björn Kimminich, [solutions.hamburg](https://solutions.hamburg), 08.09.2017 * [Black Box Threat Modeling](https://www.peerlyst.com/posts/bsidestlv-2017-black-box-threat-modeling-avid) - by Avi Douglen, [BSides Tel Aviv 2017](https://bsidestlv.com/), - Underground Track, 28.06.2017 + by Avi Douglen, [BSides Tel Aviv 2017](https://bsidestlv.com/), 
Underground Track, 28.06.2017 * [OWASP update](https://www.meetup.com/OWASP-Bristol/events/235736793) by Katy Anton, - [OWASP Bristol (UK) Chapter](https://www.owasp.org/index.php/Bristol), - 22.06.2017 + [OWASP Bristol (UK) Chapter](https://www.owasp.org/index.php/Bristol), 22.06.2017 * [Update on OWASP Projects & Conferences](https://www.owasp.org/index.php/London#Thursday.2C_18th_May_2017_.28Central_London.29) by Sam Stepanyan, [OWASP London Chapter](https://www.owasp.org/index.php/London#OWASP_London) Meeting, 18.05.2017 -* [OWASP Juice Shop: Achieving sustainability for open source projects](https://appseceurope2017.sched.com/event/A66A/owasp-juice-shop-achieving-sustainability-for-open-source-projects), +* [OWASP Juice Shop: Achieving sustainability for open source projects](https://appseceurope2017.sched.com/event/A66A/owasp-juice-shop-achieving-sustainability-for-open-source-projects) + , [AppSec Europe 2017](https://2017.appsec.eu) by Björn Kimminich, 11.05.2017 ([YouTube](https://www.YouTube.com/watch?v=bOSdFnFAYNc)) * [OWASP Juice Shop: Stammtisch-Lightning-Update](http://lanyrd.com/2017/owasp-de/sfrdtq/) by Björn Kimminich, - [27. OWASP Stammtisch Hamburg](http://lanyrd.com/2017/owasp-de/), - 25.04.2017 + [27. 
OWASP Stammtisch Hamburg](http://lanyrd.com/2017/owasp-de/), 25.04.2017 * [Juice Shop Hacking Session](https://www.xing.com/events/juice-shop-hacking-session-1771555) by Jens Hausherr, - [Software-Test User Group Hamburg](https://www.xing.com/communities/groups/software-test-user-group-hamburg-1207-1002644), - 21.03.2017 + [Software-Test User Group Hamburg](https://www.xing.com/communities/groups/software-test-user-group-hamburg-1207-1002644) + , 21.03.2017 * [Hands on = Juice Shop Hacking Session](http://lanyrd.com/2017/software-tester-group-hamburg-16032017/sfqcxq/) by Björn Kimminich, [Software Tester Group Hamburg (English-speaking)](http://lanyrd.com/2017/software-tester-group-hamburg-16032017), 16.03.2017 * [Kurzvortrag: Hack the Juice Shop](https://www.meetup.com/de-DE/phpughh/events/235572004/) by Timo Pagel, - [PHP-Usergroup Hamburg](https://www.meetup.com/de-DE/phpughh/), - 14.02.2017 + [PHP-Usergroup Hamburg](https://www.meetup.com/de-DE/phpughh/), 14.02.2017 #### 2016 * [Lightning Talk: What's new in OWASP Juice Shop](https://www.owasp.org/index.php/German_OWASP_Day_2016#Programm) by Björn Kimminich, - [German OWASP Day 2016](https://www.owasp.org/index.php/German_OWASP_Day_2016/), - 29.11.2016 + [German OWASP Day 2016](https://www.owasp.org/index.php/German_OWASP_Day_2016/), 29.11.2016 * [Gothenburg pwns the OWASP Juice Shop](https://owaspgbgday.se/bjorn-kimminich-gothenburg-pwns-the-owasp-juice-shop-workshop/) by Björn Kimminich, [OWASP Gothenburg Day 2016](https://owaspgbgday.se/), 24.11.2016 
@@ -548,34 +507,28 @@ where this project was mentioned or used! :godmode: _in last 10min_) * [Hacking-Session für Developer (und Pentester)](https://www.kieler-linuxtage.de/index.php?seite=programm.html#226) by Timo Pagel, - [Kieler Open Source und Linux Tage](https://www.kieler-linuxtage.de/index.php?seite=programm.html), - 16.09.2016 + [Kieler Open Source und Linux Tage](https://www.kieler-linuxtage.de/index.php?seite=programm.html), 16.09.2016 * [Security-Auditing aus der Cloud – Softwareentwicklung kontinuierlich auf dem Prüfstand](http://www.sea-con.de/seacon2016/konferenz/konferenzprogramm/vortrag/do-41-2/title/security-auditing-aus-der-cloud-softwareentwicklung-kontinuierlich-auf-dem-pruefstand.html) by Robert Seedorff & Benjamin Pfänder, [SeaCon 2016](http://www.sea-con.de/seacon2016), 12.05.2016 * [Hacking the Juice Shop ("So ein Saftladen!")](http://lanyrd.com/2016/javaland/sdtbph/) - by Björn Kimminich, [JavaLand 2016](http://lanyrd.com/2016/javaland/), - 08.03.2016 + by Björn Kimminich, [JavaLand 2016](http://lanyrd.com/2016/javaland/), 08.03.2016 * [Hacking the JuiceShop! 
("Hackt den Saftladen!")](http://lanyrd.com/2016/nodehamburg/sdxtch/) by Björn Kimminich, - [node.HH Meetup: Security!](http://lanyrd.com/2016/nodehamburg/), - 03.02.2016 + [node.HH Meetup: Security!](http://lanyrd.com/2016/nodehamburg/), 03.02.2016 * [OWASP Top 5 Web-Risiken](http://lanyrd.com/2016/nodehamburg/sdxtcg/) by Timo Pagel, - [node.HH Meetup: Security!](http://lanyrd.com/2016/nodehamburg/), - 03.02.2016 + [node.HH Meetup: Security!](http://lanyrd.com/2016/nodehamburg/), 03.02.2016 #### 2015 * [Lightning Talk: Hacking the Juice Shop ("So ein Saftladen!")](http://lanyrd.com/2015/owasp-d2015/sdtzgg/) by Björn Kimminich, - [German OWASP Day 2015](http://lanyrd.com/2015/owasp-d2015/), - 01.12.2015 + [German OWASP Day 2015](http://lanyrd.com/2015/owasp-d2015/), 01.12.2015 * [Juice Shop - Hacking an intentionally insecure JavaScript Web Application](http://lanyrd.com/2015/jsunconf/sdmpzk/) by Björn Kimminich, [JS Unconf 2015](http://lanyrd.com/2015/jsunconf/), 25.04.2015 * [So ein Saftladen! - Hacking Session für Developer (und Pentester)](http://lanyrd.com/2015/owasp-de/sdhctr/) by Björn Kimminich, - [17. OWASP Stammtisch Hamburg](http://lanyrd.com/2015/owasp-de/), - 27.01.2015 + [17. OWASP Stammtisch Hamburg](http://lanyrd.com/2015/owasp-de/), 27.01.2015 diff --git a/SECURITY.md b/SECURITY.md index 3229ac3001b..2695a591218 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,13 +1,10 @@ # Security Policy -OWASP Juice Shop is an _intentionally vulnerable_ web application, but -we still do not want to be suprised by zero day vulnerabilities which -are not part of our hacking challenges. We are following the proposed -Internet standard so you can find our -"security" policy in any running instance of the application at the -expected location described in -. Finding it is -actually one of our hacking challenges! +OWASP Juice Shop is an _intentionally vulnerable_ web application, but we still do not want to be suprised by zero day +vulnerabilities which are not part of our hacking challenges. We are following the proposed Internet +standard so you can find our +"security" policy in any running instance of the application at the expected location described in +. Finding it is actually one of our hacking challenges! ## Supported Versions @@ -20,9 +17,8 @@ We provide security patches for the latest released minor version. ## Reporting a Vulnerability -For vulnerabilities which are **not** part of any hacking challenge -please contact . In all other cases please -contact our shop's "security team" at the address mentioned in the +For vulnerabilities which are **not** part of any hacking challenge please contact . In all +other cases please contact our shop's "security team" at the address mentioned in the `security.txt` accessible through the running application. > Instead of fixing reported vulnerabilities we might turn them into diff --git a/SOLUTIONS.md b/SOLUTIONS.md index 146f4669e5a..847f4736bde 100644 --- a/SOLUTIONS.md +++ b/SOLUTIONS.md 
@@ -1,9 +1,7 @@ # Solutions -Did you write a guide specifically on hacking OWASP Juice Shop or record -a hacking session of your own? Add it to this file and open a PR! The -same goes for any scripts or automated tools you made for making Juice -Shop easier to hack! +Did you write a guide specifically on hacking OWASP Juice Shop or record a hacking session of your own? Add it to this +file and open a PR! The same goes for any scripts or automated tools you made for making Juice Shop easier to hack! > :godmode: **Everything** mentioned on this specific page is considered > to contain _spoilers for entire challenge solutions_ so the entries 
@@ -23,69 +21,68 @@ Shop easier to hack! playlist of [Hacksplained](https://www.youtube.com/channel/UCyv6ItVqQPnlFFi2zLxlzXA) (🧃`v10.x` - `v11.x`) - * [★ Zero Stars](https://youtu.be/0YSNRz0NRt8) - * [★ Confidential Document](https://youtu.be/Yi7OiMtzGXc) - * [★ DOM XSS](https://youtu.be/BuVxyBo05F8) - * [★ Error Handling](https://youtu.be/WGafQnjSMk4) - * [★ Missing Encoding](https://youtu.be/W7Bt2AmYtao) - * [★ Outdated Allowlist](https://youtu.be/TEdZAXuTfpk) - * [★ Privacy Policy](https://youtu.be/f5tM_4vBq-w) - * [★ Repetitive Registration](https://youtu.be/mHjYOtKGYQM) - * [★★ Login Admin](https://youtu.be/LuU1fSuc7Gg) - * [★★ Admin Section](https://youtu.be/BPLhu354esc) - * [★★ Classic Stored XSS](https://youtu.be/dxzU6djocJQ) - * [★★ Deprecated Interface](https://youtu.be/yQ40B_eSj48) - * [★★ Five Star Feedback](https://youtu.be/9BsfRJA_-ik) - * [★★ Login MC SafeSearch](https://youtu.be/8VhGBdVK9ik) - * [★★ Password Strength](https://youtu.be/fnuz-3QM8ac) - * [★★ Security Policy](https://youtu.be/_h829JTNtKo) - * [★★ View Basket](https://youtu.be/hBbdxn3-aiU) - * [★★ Weird Crypto](https://youtu.be/GWJouiMUJno) - * [★★★ API-Only XSS](https://youtu.be/aGjLR4uc0ys) - * [★★★ Admin Registration](https://youtu.be/-H3Ngs-S0Ms) - * [★★★ Björn's Favorite Pet](https://youtu.be/a0k465G8Zkc) - * [★★★ Captcha Bypass](https://youtu.be/pgGVVOhIiaM) - * [★★★ Client-side XSS Protection](https://youtu.be/bNjsjs0T0_k) - * [★★★ Database Schema](https://youtu.be/0-D-e66U2Z0) - * [★★★ Forged Feedback](https://youtu.be/99iKTSkZ814) - * [★★★ Forged Review](https://youtu.be/k2abfhtuU9c) - * [★★★ GDPR Data Erasure](https://youtu.be/zBTYSpp41u8) - * [★★★ Login Amy](https://youtu.be/ICln3xcVxzI) - * [★★★ Login Bender](https://youtu.be/a6kh9fL77A0) - * [★★★ Login Jim](https://youtu.be/zJpJibswGWA) - * [★★★ Manipluate Basket](https://youtu.be/pdtDtmIiSOQ) - * [★★★ Payback Time](https://youtu.be/QN4f00VsXn4) - * [★★★ Privacy Policy Inspection](https://youtu.be/5DUXTmp5KbI) - * [★★★ 
Product Tampering](https://youtu.be/G4UKdotkyu8) - * [★★★ Reset Jim's Password](https://youtu.be/qYVlxeKVhgA) - * [★★★ Upload Size](https://youtu.be/5pcAPUihhWA) - * [★★★ Upload Type](https://youtu.be/4FPyMdyVt2s) - * [★★★★ Access Log (Sensitive Data Exposure)](https://youtu.be/RBTfGk-ZwnY) - * [★★★★ Ephemeral Accountant (SQL-Injection)](https://youtu.be/rD-_fRDHf9o) - * [★★★★ Expired Coupon (Improper Input Validation)](https://youtu.be/4cWTUdTvTZg) - * [★★★★ Forgotten Developer Backup (Sensitive Data Exposure)](https://youtu.be/YvkuVZ6r2Rg) - * [★★★★ Forgotten Sales Backup (Sensitive Data Exposure)](https://youtu.be/5g4WRASni6g) - * [★★★★ GDPR Data Theft (Sensitive Data Exposure)](https://youtu.be/GPW90c4Ahbc) - * [★★★★ Legacy Typosquatting (Vulnerable Components)](https://youtu.be/HqkGeWtwiHY) - * [★★★★ Login Bjoern (Broken Authentication)](https://youtu.be/pmBJ1ZAlpF8) - * [★★★★ Misplaced Signature File (Sensitive Data Exposure)](https://youtu.be/56qHiwxTjYY) - * [★★★★ Nested Easter Egg (Cryptographic Issues)](https://youtu.be/yvatrnWvcGE) - * [★★★★ NoSql Manipulation (Injection)](https://youtu.be/frymuDxKwmc) - :broken_heart: - * [★★★★★ Change Benders Password (Broken Authentication)](https://youtu.be/J3BSi-z9_7I) - * [★★★★★ Extra Language (Broken Anti Automation)](https://youtu.be/KU2LzxABetk) + * [★ Zero Stars](https://youtu.be/0YSNRz0NRt8) + * [★ Confidential Document](https://youtu.be/Yi7OiMtzGXc) + * [★ DOM XSS](https://youtu.be/BuVxyBo05F8) + * [★ Error Handling](https://youtu.be/WGafQnjSMk4) + * [★ Missing Encoding](https://youtu.be/W7Bt2AmYtao) + * [★ Outdated Allowlist](https://youtu.be/TEdZAXuTfpk) + * [★ Privacy Policy](https://youtu.be/f5tM_4vBq-w) + * [★ Repetitive Registration](https://youtu.be/mHjYOtKGYQM) + * [★★ Login Admin](https://youtu.be/LuU1fSuc7Gg) + * [★★ Admin Section](https://youtu.be/BPLhu354esc) + * [★★ Classic Stored XSS](https://youtu.be/dxzU6djocJQ) + * [★★ Deprecated Interface](https://youtu.be/yQ40B_eSj48) + * [★★ Five Star 
Feedback](https://youtu.be/9BsfRJA_-ik) + * [★★ Login MC SafeSearch](https://youtu.be/8VhGBdVK9ik) + * [★★ Password Strength](https://youtu.be/fnuz-3QM8ac) + * [★★ Security Policy](https://youtu.be/_h829JTNtKo) + * [★★ View Basket](https://youtu.be/hBbdxn3-aiU) + * [★★ Weird Crypto](https://youtu.be/GWJouiMUJno) + * [★★★ API-Only XSS](https://youtu.be/aGjLR4uc0ys) + * [★★★ Admin Registration](https://youtu.be/-H3Ngs-S0Ms) + * [★★★ Björn's Favorite Pet](https://youtu.be/a0k465G8Zkc) + * [★★★ Captcha Bypass](https://youtu.be/pgGVVOhIiaM) + * [★★★ Client-side XSS Protection](https://youtu.be/bNjsjs0T0_k) + * [★★★ Database Schema](https://youtu.be/0-D-e66U2Z0) + * [★★★ Forged Feedback](https://youtu.be/99iKTSkZ814) + * [★★★ Forged Review](https://youtu.be/k2abfhtuU9c) + * [★★★ GDPR Data Erasure](https://youtu.be/zBTYSpp41u8) + * [★★★ Login Amy](https://youtu.be/ICln3xcVxzI) + * [★★★ Login Bender](https://youtu.be/a6kh9fL77A0) + * [★★★ Login Jim](https://youtu.be/zJpJibswGWA) + * [★★★ Manipluate Basket](https://youtu.be/pdtDtmIiSOQ) + * [★★★ Payback Time](https://youtu.be/QN4f00VsXn4) + * [★★★ Privacy Policy Inspection](https://youtu.be/5DUXTmp5KbI) + * [★★★ Product Tampering](https://youtu.be/G4UKdotkyu8) + * [★★★ Reset Jim's Password](https://youtu.be/qYVlxeKVhgA) + * [★★★ Upload Size](https://youtu.be/5pcAPUihhWA) + * [★★★ Upload Type](https://youtu.be/4FPyMdyVt2s) + * [★★★★ Access Log (Sensitive Data Exposure)](https://youtu.be/RBTfGk-ZwnY) + * [★★★★ Ephemeral Accountant (SQL-Injection)](https://youtu.be/rD-_fRDHf9o) + * [★★★★ Expired Coupon (Improper Input Validation)](https://youtu.be/4cWTUdTvTZg) + * [★★★★ Forgotten Developer Backup (Sensitive Data Exposure)](https://youtu.be/YvkuVZ6r2Rg) + * [★★★★ Forgotten Sales Backup (Sensitive Data Exposure)](https://youtu.be/5g4WRASni6g) + * [★★★★ GDPR Data Theft (Sensitive Data Exposure)](https://youtu.be/GPW90c4Ahbc) + * [★★★★ Legacy Typosquatting (Vulnerable Components)](https://youtu.be/HqkGeWtwiHY) + * [★★★★ Login 
Bjoern (Broken Authentication)](https://youtu.be/pmBJ1ZAlpF8) + * [★★★★ Misplaced Signature File (Sensitive Data Exposure)](https://youtu.be/56qHiwxTjYY) + * [★★★★ Nested Easter Egg (Cryptographic Issues)](https://youtu.be/yvatrnWvcGE) + * [★★★★ NoSql Manipulation (Injection)](https://youtu.be/frymuDxKwmc) + :broken_heart: + * [★★★★★ Change Benders Password (Broken Authentication)](https://youtu.be/J3BSi-z9_7I) + * [★★★★★ Extra Language (Broken Anti Automation)](https://youtu.be/KU2LzxABetk) * [Broken Authentication and SQL Injection - OWASP Juice Shop TryHackMe](https://youtu.be/W4MXUnZB2jc) by [Motasem Hamdan - CyberSecurity Trainer](https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ) * Live Hacking von Online-Shop „Juice Shop” (:de:) - [Twitch live stream](https://www.twitch.tv/GregorBiswanger) recordings - by + [Twitch live stream](https://www.twitch.tv/GregorBiswanger) recordings by [Gregor Biswanger](https://www.youtube.com/channel/UCGMA9qDbIQ-EhgLD-ZrsHWw) (🧃`v11.x`) - * [Level 1](https://youtu.be/ccy-eKYpdbk) - * [Level 2](https://youtu.be/KtMPEDJx0Sg) - * [Level 3](https://youtu.be/aqXfFVHJ91g) - * [Level 4](https://youtu.be/jfe-iEePlTc) + * [Level 1](https://youtu.be/ccy-eKYpdbk) + * [Level 2](https://youtu.be/KtMPEDJx0Sg) + * [Level 3](https://youtu.be/aqXfFVHJ91g) + * [Level 4](https://youtu.be/jfe-iEePlTc) * [HackerOne #h1-2004 Community Day: Intro to Web Hacking - OWASP Juice Shop](https://youtu.be/KmlwIwG7Kv4) by [Nahamsec](https://twitch.tv/nahamsec) including the creation of a (fake) bugbounty report for all findings (🧃`v10.x`) 
@@ -98,30 +95,30 @@ Shop easier to hack! by Arthur Kay (🧃`v8.x`) * [HackerSploit](https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q) Youtube channel (🧃`v7.x`) - * [OWASP Juice Shop - SQL Injection](https://youtu.be/nH4r6xv-qGg) - * [Web App Penetration Testing - #15 - HTTP Attributes (Cookie Stealing)](https://youtu.be/8s3ChNKU85Q) - * [Web App Penetration Testing - #14 - Cookie Collection & Reverse Engineering](https://youtu.be/qtr0qtptYys) - * [Web App Penetration Testing - #13 - CSRF (Cross Site Request Forgery)](https://youtu.be/TwG0Rd0hr18) - * [How To Install OWASP Juice Shop](https://youtu.be/tvNKp1QXV_8) + * [OWASP Juice Shop - SQL Injection](https://youtu.be/nH4r6xv-qGg) + * [Web App Penetration Testing - #15 - HTTP Attributes (Cookie Stealing)](https://youtu.be/8s3ChNKU85Q) + * [Web App Penetration Testing - #14 - Cookie Collection & Reverse Engineering](https://youtu.be/qtr0qtptYys) + * [Web App Penetration Testing - #13 - CSRF (Cross Site Request Forgery)](https://youtu.be/TwG0Rd0hr18) + * [How To Install OWASP Juice Shop](https://youtu.be/tvNKp1QXV_8) * [7 Minute Security](https://7ms.us) Podcast (🧃`v2.x`) - * Episode #234: - [7MS #234: Pentesting OWASP Juice Shop - Part 5](https://7ms.us/7ms-234-pentesting-owasp-juice-shop-part5/) - ([Youtube](https://www.youtube.com/watch?v=lGVAXCfFwv0)) - * Episode #233: - [7MS #233: Pentesting OWASP Juice Shop - Part 4](https://7ms.us/7ms-233-pentesting-owasp-juice-shop-part-4/) - ([Youtube](https://www.youtube.com/watch?v=1hhd9EwX7h0)) - * Episode #232: - [7MS #232: Pentesting OWASP Juice Shop - Part 3](https://7ms.us/7ms-232-pentesting-owasp-juice-shop-part-3/) - ([Youtube](https://www.youtube.com/watch?v=F8iRF2d-YzE)) - * Episode #231: - [7MS #231: Pentesting OWASP Juice Shop - Part 2](https://7ms.us/7ms-231-pentesting-owasp-juice-shop-part-2/) - ([Youtube](https://www.youtube.com/watch?v=523l4Pzhimc)) - * Episode #230: - [7MS #230: Pentesting OWASP Juice Shop - Part 
1](https://7ms.us/7ms-230-pentesting-owasp-juice-shop-part-1/) - ([Youtube](https://www.youtube.com/watch?v=Cz37iejTsH4)) - * Episode #229: - [7MS #229: Intro to Docker for Pentesters](https://7ms.us/7ms-229-intro-to-docker-for-pentesters/) - ([Youtube](https://youtu.be/WIpxvBpnylI?t=407)) + * Episode #234: + [7MS #234: Pentesting OWASP Juice Shop - Part 5](https://7ms.us/7ms-234-pentesting-owasp-juice-shop-part5/) + ([Youtube](https://www.youtube.com/watch?v=lGVAXCfFwv0)) + * Episode #233: + [7MS #233: Pentesting OWASP Juice Shop - Part 4](https://7ms.us/7ms-233-pentesting-owasp-juice-shop-part-4/) + ([Youtube](https://www.youtube.com/watch?v=1hhd9EwX7h0)) + * Episode #232: + [7MS #232: Pentesting OWASP Juice Shop - Part 3](https://7ms.us/7ms-232-pentesting-owasp-juice-shop-part-3/) + ([Youtube](https://www.youtube.com/watch?v=F8iRF2d-YzE)) + * Episode #231: + [7MS #231: Pentesting OWASP Juice Shop - Part 2](https://7ms.us/7ms-231-pentesting-owasp-juice-shop-part-2/) + ([Youtube](https://www.youtube.com/watch?v=523l4Pzhimc)) + * Episode #230: + [7MS #230: Pentesting OWASP Juice Shop - Part 1](https://7ms.us/7ms-230-pentesting-owasp-juice-shop-part-1/) + ([Youtube](https://www.youtube.com/watch?v=Cz37iejTsH4)) + * Episode #229: + [7MS #229: Intro to Docker for Pentesters](https://7ms.us/7ms-229-intro-to-docker-for-pentesters/) + ([Youtube](https://youtu.be/WIpxvBpnylI?t=407)) ### Walkthroughs
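Review bot: in the `@@ -481,63 +449,54 @@` hunk of REFERENCES.md the automatic rewrap moves a comma onto the start of a continuation line twice, after `...owasp-juice-shop-achieving-sustainability-for-open-source-projects)` and after `...software-test-user-group-hamburg-1207-1002644)`; Markdown joins soft line breaks with a space, so these now render as `projects) , [AppSec Europe 2017]` and `1002644) , 21.03.2017`, which the pre-change lines (`...projects),` and `...1002644),`) did not. Keep the comma attached to the link even if that line exceeds the wrap width, e.g. `+* [OWASP Juice Shop: Achieving sustainability for open source projects](https://appseceurope2017.sched.com/event/A66A/owasp-juice-shop-achieving-sustainability-for-open-source-projects),` and `+  [Software-Test User Group Hamburg](https://www.xing.com/communities/groups/software-test-user-group-hamburg-1207-1002644), 21.03.2017`, since the formatter is treating the comma as a separate token.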
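Review bot: the rewrapped first paragraph of SECURITY.md (hunk `@@ -1,13 +1,10 @@`) carries the typo `suprised` over into the new line `+OWASP Juice Shop is an _intentionally vulnerable_ web application, but we still do not want to be suprised by zero day`; since the line is rewritten anyway, change it to `surprised`, and consider `zero-day` for the compound adjective.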
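Review bot: the re-indented challenge list in the `@@ -23,69 +21,68 @@` hunk of SOLUTIONS.md keeps two spelling errors in lines this change touches: `+ * [★★★ Manipluate Basket](https://youtu.be/pdtDtmIiSOQ)` should read `Manipulate Basket`, and `+ * [★★★★★ Change Benders Password (Broken Authentication)](https://youtu.be/J3BSi-z9_7I)` should read `Change Bender's Password`, matching the possessive used in `Reset Jim's Password` a few entries above.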
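Review bot: the `@@ -98,30 +95,30 @@` hunk of SOLUTIONS.md re-indents the HackerSploit and 7 Minute Security sub-lists but leaves the link text `Youtube` (`+ * [HackerSploit](...) Youtube channel` and the six `([Youtube](https://www.youtube.com/...))` lines) while the REFERENCES.md entries in this same patch use `[YouTube](...)`; as the lines are being rewritten, normalize the product name to `YouTube` so the two files agree.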