In this workshop you can test your skills in hacking modern web applications against the OWASP Juice Shop! There are 47+ challenges waiting to be solved, ranging from simple functional problems and the usual XSS/SQLi issues over severe authentication flaws to multi-step & multi-path attacks against the discount coupons issued by the application! How many challenges can you beat? During the workshop you can get some first-hand hints in case you get stuck. At the end of the workshop there will be a demo of some of the more mind-boggling challenges – but only for those who don’t want to solve them on their own later!
Intended audience: Developers and pentesters with at least basic understanding of common web application vulnerabilities
Skill level: The workshop does not assume an in-depth knowledge of software security.
Requirements:
– laptop with OWASP Juice Shop installed using one of the setups described in https://github.com/bkimminich/juice-shop#setup
– internet browser with some API testing plugin (e.g. Postman for Chrome)
– (optionally) any kind of pentesting tools
- Let loose your pentesting skills against a 100%-JavaScript web app.
- Experience multi-stage attacks on a modern web application.
- Go way beyond OWASP Top 10-listed vulnerabilities.
About Björn Kimminich

Björn Kimminich works as an IT architect and application security officer for Kuehne + Nagel. On the side, he gives IT Security lectures at the non-profit private university Nordakademie. Kimminich also is the project leader of the OWASP Juice Shop and a board member for the German OWASP chapter.