This year OWASP Juice Shop saw several significant enhancements and extensions that you will learn all about in this talk: 2x NoSQL injection and 2x typosquatting challenges! Customization and re-branding of the shop to your own corporate look & feel! Juice Shop CTF extension makes setting up hacking events fast & easy! Free "Pwning the OWASP Juice Shop" eBook surpasses 150 pages of in-depth information, hints and solutions for all challenges and more! At AppSecEU the project was promoted into OWASP's "Lab Projects" maturity stage! You can now 3D-print your own Juice Shop merchandise! And much, much more - actually more than can be demonstrated in this 15min session, so best install the Juice Shop yourself afterwards and explore its capabilities yourself!

1. OWASP Juice Shop
5.x and beyond
German OWASP Day-Update 2017
by /Björn Kimminich @bkimminich
https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
Tweet Follow @owasp_juiceshop Follow @bkimminich Follow @bkimminich 192 Star 587Like 177

2. Logo Facelift (💅)
💅 Because: What could be more important, right? Right?!

3. Maturity Promotion (🎓)
Lab Project
🎓 Review was nalized at the Project Summit during AppSecEU

4. Stats, Stats & Stats (📈)
Juice Shop
downloadsdownloads 1k/total1k/total downloadsdownloads 2k total2k total docker pullsdocker pulls 157k157k contributorscontributors 2222 closed pull requestsclosed pull requests 191191

5. Stats, Stats & Stats (📈)
Juice Shop
downloadsdownloads 1k/total1k/total downloadsdownloads 2k total2k total docker pullsdocker pulls 157k157k contributorscontributors 2222 closed pull requestsclosed pull requests 191191

6. Security Questions (🐹)
🐹 Find out in three new challenges what can go wrong with these fantastic security questions added with 4.x

7. NoSQL Database (📃)
📃 With as an additional NoSQL datastore two new challenges came in with 5.xMarsDB

8. Typosquatting (🔤)
🔤 Two new challenges from 5.x explain how to trick those with a weak mind (but quick ngers)

9. More Languages (🌏)
🌏 Full UI translation available for 17+ languages

10. Less Docker le (📦)
📦 Less meaning reduced image size from 900 to 300 MB

11. ≈500 LeanPub Readers (📖)
📖 Find helpful hints in the eBooko cial companion guide

12. Google Summer of Code (💔)
💔 OWASP unfortunately was not selected as an organization for GSoC 2017

13. OWASP Summit (💚)
💚 At OWASP Summit 2017 there were coding & threat modelling sessions in a dedicated track & villa

14. Logo Variation (🎨)
🎨 But, why create this " -accidentally-pierced-by-straw"-inspired logo?Capri-Sun

15. CTF Extension (🚩)
🚩 Use to set up an event on in 5minjuice-shop-ctf-cli CTFd

16. Frictionless CTFs (🚀)
🚀 Participants use individual server instances anywhere, sharing only a ag code-ctfKey & central score server

17. Re-branding (🎭)
🎭 Fully business context and look & feel for maximum immersioncustomizable

18. Upcoming Release 6.x (🔮)
Two new 🍪JWT-related vulnerabilities...
...bringing the total to ≥48 challenges
Overhaul of the 📍Object-Relational-Mapping...
...and all generated parts of the API
... xing our two oldest open 🐛bugs along the way
Node.js 8.x is the 🆕recommended version...
...but 6.x will continue to work as well
...and on the 🔥-new 9.x it also runs smoothly

19. Beyond Release 6.x (🌌)
Frontend update to 🍭Angular ≥5...
...or something completely di erent
Participate in 🌻Google Summer of Code 2018...
...given OWASP is selected next year
Get Juice Shop 🍾promoted to Flagship Project ...
...at some point in its lifecycle

20. Special Thanks (💖)
(CTFd SQLs🚩 / JWT🍪)
Josh Grossman
(Re-Branding🎭 / 🎶)
Timo Pagel
Loud XSS-Demo
(NoSQL📃 / CTF🌟 / Docker📦 / ORM+📍)
Jannik Hollenbach

21. Special Thanks (💖)
(CTFd SQLs🚩 / JWT🍪)
(Re-Branding🎭 / 🎶)
(NoSQL📃 / CTF🌟 / Docker📦 / ORM+📍)
Josh Grossman
Timo Pagel
Loud XSS-Demo
Jannik Hollenbach

22. Very Special Thanks (💝)
💝 3D-printed Keychain by Viktor Lindström

23. Very Special Thanks (💝)
💝 3D-printed Keychain by Viktor Lindström

24. Finally: Thanks to you for 👂!
Copyright (c) 2017 Björn Kimminich
Licensed under the .MIT license
Created with - The HTML Presentation Frameworkreveal.js

25. Finally: Thanks to you for 👂!
Copyright (c) 2017
Licensed under the .
Created with - The HTML Presentation Framework
Björn Kimminich
MIT license
reveal.js