Details

Sponsor: ITS (ICT Services and System Development) invites all participants for lighter food during this workshop. Please state any dietary preferences in the RSVP.

OWASP Juice Shop is an intentionally insecure web app made for pentesting and security awareness trainings.

It was written entirely in the most sophisticated, beautiful and secure language ever conceived by mankind: JavaScript! Without any factual proof, the Juice Shop claims to have been the first vulnapp using this marvelous technology from frontend straight through to backend!

In this session you will...

• ...learn why and how the Juice Shop was created! (up to 30min)

• ...join Joe Average on a happy customer’s shopping demo (up to 10min)

• ...search and mercilessly exploit vulnerabilities in the application on your own (120min or more depending on your stamina)

• ...thus releasing lots of happiness hormones as more and more achievement notifications light up on your screen! (instantly during hacking)

• ...see the author demonstrate some of the harder challenge solutions (up to 20min, only for those participants who don't mind spoilers)

Please bring your own laptop with a local installation of OWASP Juice Shop to the workshop! The application can be run locally:

• on Node.js

• as a Docker container

• or in a Vagrant VM

Alternatively you can also easily get it to run on a (free) personal Heroku cloud instance. Please follow https://github.com/bkimminich/juice-shop#setup for instructions.

You can also bring all your favorite pentesting tools! Or just your favorite browser with an API testing plugin such as Postman - or good ol' cURL if you're really hardcore!

All work fine for hacking the Juice Shop! If you are not yet convinced you want to join: There will be an assortment of top-quality laptop stickers for free at the event!

About Björn

In his day job Björn Kimminich is working as an IT Architect and Application Security Officer for Kuehne + Nagel. On the side he is giving Java lectures to engineering students for the non-profit private university Nordakademie. Björn also is the Project Leader of the OWASP Juice Shop and a Board Member in the German OWASP Chapter.