REFERENCES.md

References

Did you write a blog post, magazine article or do a podcast about or mentioning OWASP Juice Shop? Add it to this file and open a PR! The same goes for conference or meetup talks, workshops or trainings you did where this project was mentioned or used!

💡 indicates resources that contain hints for solving challenges of the OWASP Juice Shop. These are supposed to be helpful whenever you get stuck. indicates resources that spoiler entire challenge solutions so you might not want to view them before tackling these challenges yourself! 📣 marks short friendly shout outs. Finally, the 💵 bill marks commercial resources.

Awards 🏆

• Heroku Button of the Month in November 2017 (📷)

Web Links

Pod- & Webcasts

• Webcast recording on 7 Minute Security: DIY $500 Pentest Lab - Part 1 📣
• HackerSploit Youtube channel:
  • How To Install OWASP Juice Shop
  • Web App Penetration Testing - #13 - CSRF (Cross Site Request Forgery) 💡
  • Web App Penetration Testing - #14 - Cookie Collection & Reverse Engineering 💡
  • Web App Penetration Testing - #15 - HTTP Attributes (Cookie Stealing) 💡
  • OWASP Juice Shop - SQL Injection
• Application Security Podcast:
  • Episode 4.17: The Joy of the Vulnerable Web: JuiceShop (S04E17)
  • Episode 4.20: Security Culture Hacking: Disrupting the Security Status Quo (S04E20) 📣
• Recorded live streams from the Twitch/Mixer OWASP DevSlop Show:
  • OWASP DevSlop E12 - Juice Shop with Björn Kimminich (Youtube)
• Webcast recording on Signal Sciences: Secure Development Lessons from Purposely Insecure Applications
• 7 Minute Security Podcast:
  • Episode #318: Interview with Bjorn Kimminich of OWASP Juice Shop
  • Shout outs in various episodes: #342, #310, #309, #306 and #282 📣
  • Episode #234: 7MS #234: Pentesting OWASP Juice Shop - Part 5 (Youtube)
  • Episode #233: 7MS #233: Pentesting OWASP Juice Shop - Part 4 (Youtube)
  • Episode #232: 7MS #232: Pentesting OWASP Juice Shop - Part 3 (Youtube)
  • Episode #231: 7MS #231: Pentesting OWASP Juice Shop - Part 2 (Youtube)
  • Episode #230: 7MS #230: Pentesting OWASP Juice Shop - Part 1 (Youtube)
  • Episode #229: 7MS #229: Intro to Docker for Pentesters (Youtube)
• Video tutorial about automating web application security scans with OWASP ZAP using Juice Shop as the tested app: All you need is Zaproxy - Security Testing for WebApps Made Easy
  • Example integration as a Docker Compose script
  • Scan results of the example integration
• Interview on OWASP 24/7 Podcast: Less than 10 Minutes Series: The Juice Shop Project

Blogs & Articles

• Article (:es:) on Medium by Elzer Pineda: Null Byte Attack Juice Shop y algo mas!!
• Blog post on Omer Levi Hevroni's blog: Hacking Juice Shop, the DevSecOps Way
• Blog post on Jannik Hollenbach's blog: Testing out ModSecurity CRS with OWASP JuiceShop
• OWASP Portland Chapter meeting writeup on the Daylight Blog: Vulnerability Hunting Practice Using OWASP Juice Shop
• Blog post on Security Boulevard: From Dev to InfoSec Part 1 – The Journey Begins
• Blog post on Null Byte :: WonderHowTo: Beginner's Guide to OWASP Juice Shop, Your Practice Hacking Grounds for the 10 Most Common Web App Vulnerabilities
• Blog posts on DevelopSec - Developing Better Security:
  • Installing OWASP JuiceShop with Docker (Youtube)
  • Installing OWASP JuiceShop with Heroku (Youtube)
  • Burp Extension – Juice Shop Routes (Youtube)
• Blog posts on Jason Haley - Ramblings from an Independent Consultant:
  • How to Setup OWASP Juice Shop on Azure (Part 1 of 3)
  • Setup OWASP Juice Shop in Web App for Containers (Part 2 of 3)
  • Setup OWASP Juice Shop in Azure Container Instances (Part 3 of 3)
• Blog post on Josh Grossman's blog: Setting up an OWASP Juice Shop CTF
• Blog post on Mozilla Hacks: Hands-On Web Security: Capture the Flag with OWASP Juice Shop
• Blog post (:de:) on heise Developer: Sicherheits-Etikette: Security in der Softwareentwicklung 📣
• Blog Post on Stuart Winter-Tear's Blog: OWASP Juice Shop Vulnerable Webapp (Peerlyst cross-post)
• Blog posts on OWASP Summit 2017:
  • Juice Shop v4.0.0 Live Release
  • Juice Shop's call to pre-summit action
• Vulnerable website collection on Bonkers About Tech: 40+ Intentionally Vulnerable Websites To (Legally) Practice Your Hacking Skills
• Hacking-session writeup on Testhexen: Learning Application Security – Fun with the Juice Shop
• Blog post (:myanmar:) on LOL Security: Juice Shop Walkthrough
• Blog post on IncognitJoe: Hacking(and automating!) the OWASP Juice Shop
  • Automated solving script for the OWASP Juice Shop written in Python as mentioned in above blog post
• Guest post (:de:) on Informatik Aktuell: Juice Shop - Der kleine Saftladen für Sicherheitstrainings
• Guest post on The official Sauce Labs Blog: Proving that an application is as broken as intended
• Teaser post on Björn Kimminich's Blog: Juice Shop

Lectures and Trainings

• Finding Website Vulnerabilities with Burp chapter of the Mastering Kali Linux Network Scanning video course by Brian Johnson 💵
• University lecture on "IT Security" as Open Educational Resources material by Björn Kimminich
• Descargar aqui el taller OWASP Top 10 Hands On basado en OWASP Top 10 y Juice Shop (:es:) by Mateo Martinez, Gerardo Canedo and Maxiimiliano Alonzo, OWASP Uruguay Chapter
• Security in Web Applications by Timo Pagel, Fachhochschule Kiel
• Web Application Security Training by Björn Kimminich

Summits & Open Source Events

• OWASP Juice Shop track and related working sessions organized by Björn Kimminich, Open Security Summit 2019, 03.-07.06.2019
• Student projects from Google Suummer of Code 2018
  • OWASP Juice Shop : Challenge Pack 2018 by Shoeb Patel (mentored by Jannik Hollenbach and Timo Pagel)
  • OWASP Juice Shop : Frontend Technology Update by Aashish Singh (mentored by Björn Kimminich)
• Juice Shop related working sessions organized by Jannik Hollenbach and Timo Pagel in OWASP Projects track, Open Security Summit 2018, 04.-08.06.2018
• Outcome of the Juice Shop track and related working sessions organized by Björn Kimminich and Timo Pagel, OWASP Summit 2017, 12.-16.06.2017

Conference and Meetup Appearances

2019

• Back to Basics: Hacking OWASP JuiceShop by Jeremy Kelso, OWASP Knoxville Chapter Meeting, 24.01.2019

2018

• Secure Your Pipeline by Omer Levi Hevroni, Negev Web Developers Meetup, 27.12.2018 (Slides)
• Juice Shop: OWASP's most broken Flagship by Björn Kimminich, OWASP BeNeLux Days 2018, 30.11.2018 (Youtube 💡)
• OWASP Zap by David Scrobonia, OWASP BeNeLux Days 2018, 30.11.2018 (Youtube)
• The traditional/inevitable OWASP Juice Shop update by Björn Kimminich, German OWASP Day 2018, 20.11.2018 (Youtube)
• Workshop: OWASP Juice Shop by Björn Kimminich, German OWASP Day 2018, 19.11.2018
• OWASP Portland Chapter Meeting - OWASP Juice Shop! facilitated by David Quisenberry, OWASP Portland Chapter, 08.11.2018
• OWASP Juice Shop - Public Lecture by Björn Kimminich, TalTech Infotehnoloogia Kolledž, 24.10.2018 (Youtube starting 14:55)
• JUGHH: Security Hackathon by iteratec, Java User Group Hamburg, 11.10.2018
• Playing with OWASP Juice Shop by Mohammad Febri R, Mozilla Indonesia, 05.08.2018 (Slides)
• OWASP Juice Shop どうでしょう by Manabu Niseki, OWASP Night 2018/7, 30.07.2018
• Usable Security Tooling - Creating Accessible Security Testing with ZAP by David Scrobonia, OWASP Meetup - SF July 2018, 26.07.2018 (Youtube)
• Building an AppSec Program with a Budget of $0: Beyond the OWASP Top 10 by Chris Romeo, OWASP AppSec Europe 2018, 06.07.2018 (Youtube) :mega:
• OWASP Juice Shop: Betreutes Hacken with OWASP Stammtisch Karlsruhe, 04.06.2018
• Hacking Workshop - Twin Cities vs. OWASP Juice Shop with Björn Kimminich, Secure360 Twin Cities, 17.05.2018
• OWASP Juice Shop - The Ultimate Vulnerable WebApp by Björn Kimminich, Secure360 Twin Cities, 16.05.2018
• OWASP MSP Chapter May Meeting with Björn Kimminich, OWASP MSP Meetup St Paul, 14.05.2018
• OWASP Juice Shop - The next chapter ... with Jaan Janesmae, CyberHackathon Tallinn, 30.04.2018
• OWASP Juice Shop Introduction at ChaosTreff Tallinn Weekly Meetup with Björn Kimminich, ChaosTreff Tallinn, 26.04.2018
• OWASP Juice Shop Intro and Getting Started with Jaan Janesmae, CyberHackathon Tallinn, 09.04.2018
• Web Application Security: A Hands-on Testing Challenge by Dan Billing, TestBash Brighton 2018, 15.03.2018
• OWASP Top 10 by Andrew van der Stock, OWASP AppSec California 2018, 30.01.2018 (Youtube starting 25:40)

2017

• OWASP Juice Shop 5.x and beyond by Björn Kimminich, German OWASP Day 2017, 14.11.2017
• OWASP Juice Shop Introduction talk and AppSec Bucharest vs. OWASP Juice Shop hacking workshop by Björn Kimminich, OWASP Bucharest AppSec Conference 2017, 13.10.2017
• 2 Hour Hacking: Juice Shop by Timo Pagel, OWASP Los Angeles, 10.10.2017
• Hacking the OWASP Juice Shop with Björn Kimminich, OWASP North Sweden Chapter, 19.09.2017
• OWASP Juice Shop Workshop with Björn Kimminich, OWASP Stockholm Chapter, 18.09.2017
• Hacking session at Angular Talk & Code with Björn Kimminich, Angular Meetup Hamburg, 13.09.2017
• Capture The Flag - Security Game by Benjamin Brunzel, Jöran Tesse, Rüdiger Heins & Sven Strittmatter, solutions.hamburg, 08.09.2017
• OWASP Juice Shop - Einmal quer durch den Security-Saftladen by Björn Kimminich, solutions.hamburg, 08.09.2017
• Black Box Threat Modeling by Avi Douglen, BSides Tel Aviv 2017, Underground Track, 28.06.2017
• OWASP update by Katy Anton, OWASP Bristol (UK) Chapter, 22.06.2017
• Update on OWASP Projects & Conferences by Sam Stepanyan, OWASP London Chapter Meeting, 18.05.2017
• OWASP Juice Shop: Achieving sustainability for open source projects, AppSec Europe 2017 by Björn Kimminich, 11.05.2017 (Youtube)
• OWASP Juice Shop: Stammtisch-Lightning-Update by Björn Kimminich, 27. OWASP Stammtisch Hamburg, 25.04.2017
• Juice Shop Hacking Session by Jens Hausherr, Software-Test User Group Hamburg, 21.03.2017
• Hands on = Juice Shop Hacking Session by Björn Kimminich, Software Tester Group Hamburg (English-speaking), 16.03.2017
• Kurzvortrag: Hack the Juice Shop by Timo Pagel, PHP-Usergroup Hamburg, 14.02.2017

2016

• Lightning Talk: What's new in OWASP Juice Shop by Björn Kimminich, German OWASP Day 2016, 29.11.2016
• Gothenburg pwns the OWASP Juice Shop by Björn Kimminich, OWASP Gothenburg Day 2016, 24.11.2016
• Hacking the OWASP Juice Shop by Björn Kimminich, OWASP NL Chapter Meeting, 22.09.2016 (Youtube, :godmode: in last 10min)
• Hacking-Session für Developer (und Pentester) by Timo Pagel, Kieler Open Source und Linux Tage, 16.09.2016
• Security-Auditing aus der Cloud – Softwareentwicklung kontinuierlich auf dem Prüfstand by Robert Seedorff & Benjamin Pfänder, SeaCon 2016, 12.05.2016
• Hacking the Juice Shop ("So ein Saftladen!") by Björn Kimminich, JavaLand 2016, 08.03.2016
• Hacking the JuiceShop! ("Hackt den Saftladen!") by Björn Kimminich, node.HH Meetup: Security!, 03.02.2016
• OWASP Top 5 Web-Risiken by Timo Pagel, node.HH Meetup: Security!, 03.02.2016

2015

• Lightning Talk: Hacking the Juice Shop ("So ein Saftladen!") by Björn Kimminich, German OWASP Day 2015, 01.12.2015
• Juice Shop - Hacking an intentionally insecure JavaScript Web Application by Björn Kimminich, JS Unconf 2015, 25.04.2015
• So ein Saftladen! - Hacking Session für Developer (und Pentester) by Björn Kimminich, 17. OWASP Stammtisch Hamburg, 27.01.2015