OWASP MSP Chapter May Meeting

Details
We have Bjoern Kimminich speaking this time. He is the leader of the OWASP Juice Shop project.
OWASP Juice Shop is kind of a "shooting star" among broken web applications. It features over 60(!) vulnerabilities and flaws that you can exploit and learn from. To make sure it does not end as an unmaintainable pile of spaghetti code someday, the project embraces principles and techniques that enhance its long-term sustainability, such as Clean Code, rigorous test automation, a cloud-powered CI/CD pipeline, and merciless reporting of quality metrics.
This session will consist of three parts:
- Introduction to what the OWASP Juice Shop project is
- Ultra-quick hacking demo on a couple of the Juice Shop’s challenges
- Behind-the-scenes presentation of antipatterns and best practices in Open Source Software projects
More specifically, in part 3 you will see how
- even a horrible language such as JavaScript can be written in a maintainable manner
- a complete and reliable test suite eliminates the "fear of change" to your code
- automation is the key to increased productivity - even for small open source projects
- free-for-open-source SaaS tools can improve your development process
Where there is light, there is shadow! So you will also learn
- about some limitations in the automation processes
- the pain of keeping JavaScript dependencies up to date
- why some 3rd party services have been dropped over the years
Bonus: If the Internet gods are with us, we will even perform a production release of OWASP Juice Shop live during the session!
Bio: Bjoern Kimminich works as an IT architect and application security officer in the logistics industry. On the side, he gives Java lectures to engineering students for a non-profit private university in Germany. Bjoern is also the project leader of the OWASP Juice Shop and a board member for the German OWASP chapter.
