Hacking the OWASP Juice Shop

About the Talk

September 22, 2016 8:15 PM

Nijmegen, Netherlands

OWASP Juice Shop* is an intentionally insecure web app written in Node.js, Express and AngularJS, suitable for pentesting and security awareness training. It is the first application written entirely in JavaScript listed in the OWASP VWA Directory. It also seems to be the first broken web app that uses the currently popular architecture of an SPA/RIA frontend with a RESTful backend.

In this talk I will show why and how the app was created, followed by a demo of how to hack it. Prepare for some nasty XSS, SQLI and CSRF flaws bundled with some seriously broken access control and business logic - all in one single application!

> *Translating "dump" or "useless outfit" into German yields "Saftladen", which can be reverse-translated word by word into "juice shop". Hence the project name. That the initials "JS" match those of "JavaScript" was purely coincidental!

