Did you write a blog post, magazine article or do a podcast about or mentioning OWASP Juice Shop? Add it to this file and open a PR! The same goes for conference or meetup talks, workshops or trainings you did where this project was mentioned or used!
💡 indicates resources that contain hints for solving challenges of the OWASP Juice Shop. These are supposed to be helpful whenever you get stuck. indicates resources that spoiler entire challenge solutions, so you might not want to view them before tackling these challenges yourself! 📣 marks short friendly shout outs. Finally, the 💵 bill marks commercial resources.
- Awards
- Web Links
- Lectures and Trainings
- Summits & Open Source Events
- Conference and Meetup Appearances
- Heroku Button of the Month in November 2017 (📷)
- Heroku Button of the Month in March 2019 (📷)
- OWASP Spotlight - Project 25 - OWASP Juice Shop by Vandana Verma with Björn Kimminich
- Visual application security testing with ZAP and Simon Bennetts #DemoDays by GitHub with Simon Bennetts 📣
- Exploiting an SSRF vulnerability by PinkDraconian 💡
- OWASP Spotlight - Project 20 - OWASP Security Pin by Vandana Verma with Timo Pagel 📣
- People | Process | Technology Podcast (fka "OWASP 24/7 Podcast"):
- Learn Web App Security Penetration Testing with Juice Shop [Free] by Gerald Auger - Simply Cyber
- Web security for web developers with Zaproxy by Simon Bennetts with Eddie Jaoude 📣
- ZAP in Ten with Simon Bennetts
- ZAP in Ten: ADDO Workshop Section 1 - Introduction 📣
- ZAP in Ten: ADDO Workshop Section 3 - Packaged Scans 📣
- ZAP in Ten: ADDO Workshop Section 4 - Intro to Authentication 📣
- ZAP in Ten: ADDO Workshop Section 6 - Standard Auth with JuiceShop
- ZAP in Ten: ADDO Workshop Section 8 - JuiceShop SSO Authentication
- 15min video tutorial by Nick Malcolm: OWASP Juice Shop 101
- Application Security Podcast:
- Episode 7.2: Jannik Hollenbach — Multijuicer: JuiceShop with a side of Kubernetes (YouTube)
- Episode 5.21: Season 5 Finale — A cross section of #AppSec (S05E21) (contains 5 minute AppSec: Björn Kimminich — JuiceShop entirely)
- Episode 5.20: Ronnie Flathers - Security programs big and small 📣
- Episode 5.9: The new JuiceShop, GSOC, and Open Security Summit
- 5 minute AppSec: Björn Kimminich — JuiceShop
- Episode 4.27: Season 4 Finale (S04E27) (snippet from 4.17)
- Episode 4.20: Security Culture Hacking: Disrupting the Security Status Quo (S04E20) 📣
- Episode 4.17: The Joy of the Vulnerable Web: JuiceShop (S04E17)
- Webcast recording on 7 Minute Security: DIY $500 Pentest Lab - Part 1 📣
- Recorded live streams from the Twitch/Mixer OWASP DevSlop Show:
- Webcast recording on Signal Sciences: Secure Development Lessons from Purposely Insecure Applications
- 7 Minute Security Podcast:
- Episode #403: 7MOOMAMA - Juice Shop Song + Backdoors and Breaches Jingle
- Episode #318: Interview with Bjorn Kimminich of OWASP Juice Shop
- Shout outs in various episodes: #347, #342, #310, #309, #306 and #282 📣
- Video tutorial about automating web application security scans with OWASP ZAP using Juice Shop as the tested app: All you need is Zaproxy - Security Testing for WebApps Made Easy
- Article on Cobalt.io Developer Best Practices: Validate User Input
- Blog post (:de:) on Dev-Insider: OWASP Juice Shop lädt zum Hacken ein
- Blog post on OWASP.org by Björn Kimminich: OWASP Juice Shop v10.0.0 released
- 20+ Free Resources To Legally Practice Your Ethical Hacking Skills on eLearnSecurity 📣
- Blog post on The Daily Swig - Cybersecurity news and views: OWASP security projects showcased at All Day DevOps conference
- Blog post on klarsen.net - A Maker's Blog: OWASP Juice Shop SQLi
- White paper by Kelley Bryant: OWASP: Application Security's Best Friend
- Article (:es:) on Medium by Elzer Pineda: Null Byte Attack Juice Shop y algo mas!!
- Blog post on Omer Levi Hevroni's blog: Hacking Juice Shop, the DevSecOps Way
- Blog post on Jannik Hollenbach's blog: Testing out ModSecurity CRS with OWASP JuiceShop
- OWASP Portland Chapter meeting writeup on the Daylight Blog: Vulnerability Hunting Practice Using OWASP Juice Shop
- Blog post on Security Boulevard: From Dev to InfoSec Part 1 – The Journey Begins
- Blog post on Null Byte :: WonderHowTo: Beginner's Guide to OWASP Juice Shop, Your Practice Hacking Grounds for the 10 Most Common Web App Vulnerabilities
- Blog posts on DevelopSec - Developing Better Security:
- Blog posts on Jason Haley - Ramblings from an Independent Consultant:
- Blog post on Josh Grossman's blog: Setting up an OWASP Juice Shop CTF
- Blog post on Mozilla Hacks: Hands-On Web Security: Capture the Flag with OWASP Juice Shop
- Blog post (:de:) on heise Developer: Sicherheits-Etikette: Security in der Softwareentwicklung 📣
- Blog Post on Stuart Winter-Tear's Blog: OWASP Juice Shop Vulnerable Webapp (Peerlyst cross-post)
- Blog posts on OWASP Summit 2017:
- Vulnerable website collection on Bonkers About Tech: 40+ Intentionally Vulnerable Websites To (Legally) Practice Your Hacking Skills
- Hacking-session writeup on Testhexen: Learning Application Security – Fun with the Juice Shop
- Guest post (:de:) on Informatik Aktuell: Juice Shop - Der kleine Saftladen für Sicherheitstrainings
- Guest post on The official Sauce Labs Blog: Proving that an application is as broken as intended
- Teaser post on Björn Kimminich's Blog: Juice Shop
- Courses on the freeCodeCamp.org YouTube channel
- Intro to Semgrep GitHub Learning Lab
- Real World Web Penetration Testing course by Jason Gillam 💵
- Brakeing Down Security Web App Sec Training #1 by Sunny Wear (YouTube)
- Finding Website Vulnerabilities with Burp chapter of the Mastering Kali Linux Network Scanning video course by Brian Johnson 💵
- University lecture on "IT Security" as Open Educational Resources material by Björn Kimminich
- Descargar aqui el taller OWASP Top 10 Hands On basado en OWASP Top 10 y Juice Shop (:es:) by Mateo Martinez, Gerardo Canedo and Maxiimiliano Alonzo, OWASP Uruguay Chapter
- Security in Web Applications by Timo Pagel, Fachhochschule Kiel
- Web Application Security Training by Björn Kimminich
- Juice Shop Track
at Open Security Summit 2020
- OWASP Juice Shop Cocktail Party: Ask us anything! with Björn Kimminich, Jannik Hollenbach & Timo Pagel 15.06.2020 (YouTube)
- OWASP Juice Shop Deep Dive: MultiJuicer with Jannik Hollenbach & Robert Seedorf, 15.06.2020 (YouTube)
- OWASP Juice Shop Deep Dive: Integration with Björn Kimminich, 15.06.2020 (YouTube)
- OWASP Juice Shop Deep Dive: Theming with Björn Kimminich, 15.06.2020 (YouTube)
- OWASP Juice Shop Introduction with Björn Kimminich, 11.06.2020 (YouTube)
- MultiJuicer Introduction with Jannik Hollenbach and Robert Seedorf, 02.06.2020 (YouTube)
- OWASP Juice Shop Introduction with Björn Kimminich, 02.06.2020 (YouTube)
- Drinks with Adversaries: Creating Adversary Trading Cards with Mark Miller at Open Security Summit 2020, 01.06.2020 (YouTube) :mega:
- Selected Project at
OWASP Projects Summit - Winter 2020
with Björn Kimminich, Jannik Hollenbach and Marc Rüttler collaborating on
prepared working packages
and
the
v10.0.0
release, 27.-29.02.2020 - OWASP Juice Shop track and related working sessions organized by Björn Kimminich, Open Security Summit 2019, 03.-07.06.2019
- Juice Shop related working sessions organized by Jannik Hollenbach and Timo Pagel in OWASP Projects track, Open Security Summit 2018, 04.-08.06.2018
- Outcome of the Juice Shop track and related working sessions organized by Björn Kimminich and Timo Pagel, OWASP Summit 2017, 12.-16.06.2017
- Student project from
Google Summer of Code 2022
- Replacement for Protractor end-to-end & Frisby API test suite to Cypress by Shubham Palriwala (mentored by Jannik Hollenbach and Björn Kimminich)
- Student project from
Google Summer of Code 2021
- Extending the features of the vulnerable code snippets by Ayas Behera (mentored by Jannik Hollenbach and Björn Kimminich)
- Student project from
Google Summer of Code 2020
- Juice-Shop ChatBot and general fixes by Mohit Sharma (mentored by Jannik Hollenbach, Björn Kimminich and Timo Pagel)
- Student project from
Google Summer of Code 2019
- OWASP Juice Shop: Feature Pack 2019 by Arpit Agrawal (mentored by Jannik Hollenbach, Björn Kimminich and Shoeb Patel)
- Student projects from
Google Summer of Code 2018
- OWASP Juice Shop : Challenge Pack 2018 by Shoeb Patel (mentored by Jannik Hollenbach and Timo Pagel)
- OWASP Juice Shop : Frontend Technology Update by Aashish Singh (mentored by Björn Kimminich)
Upcoming events are marked with 📅. The availability of link destinations for past events cannot be guaranteed.
- 📅 How Vulnerable is Juice Shop? A Secure Code Review of Insecure Code by Joshua Beck, National Cyber Summit 2023. 20.09.2023
- 📅 Track keynote: OWASP Juice Shop by Björn Kimminich, Sikkerhetsfestivalen 2023. 29.08.2023
- 📅 Juice Shop Update³ by Björn Kimminich, German OWASP Day 2023. 31.05.2023
- 📅 Juice Shop Training: Train the Trainer Edition with Björn Kimminich, German OWASP Day 2023. 30.05.2023
- OWASP Juice Shop by Björn Kimminich, April 2023 OWASP Chapter Netherlands Meetup, 20.04.2023 YouTube
- Squeezing the last drop out of OWASP Juice Shop by Björn Kimminich, OWASP 2023 Global AppSec Dublin, 15.02.2023 YouTube
- OWASP Juice Shop Project by Björn Kimminich, OWASP Global AppSec EU, 10.06.2022 (YouTube)
- Juice Shop 13: Now with Coding Challenges! by Björn Kimminich, 58. OWASP Stammtisch Hamburg, 13.01.2022
- OWASP Juice Shop Flagship Project by Björn Kimminich, OWASP 20th Anniversary Event, 24.09.2021 (YouTube )
- SDLC con OWASP y laboratorio con OWASP Juice Shop (:uruguay:) with Martín Marsicano and Pablo Alzuri, OWASP Uruguay Chapter, 19.08.2021 YouTube
- Talking Juice Shop and Maintaining a Flagship OWASP Project with Björn Kimminich , OWASP Northern Virginia Chapter, 07.07.2021 (YouTube)
- OWASP Aarhus Chapter Worskhop and CTF with Björn Kimminich, OWASP Aarhus Chapter, 06.05.2021
- Modern Web Application Hacking for Beginners, virtual 4h diversity training by Björn Kimminich, OWASP Training Events 2021 - 2020 SOS Re-run, 26.01.2021
- FPs are Cheap. Show me the CVEs! by Bas van Schaik & Kevin Backhouse, Black Hat Europe 2020, 09.12.2020
- Juice Shop 12: Novelties by the litre (Online) by Björn Kimminich, 48. OWASP Stammtisch Hamburg, 24.11.2020 (YouTube)
- Modern Web Application Hacking for Beginners, virtual 4h diversity training by Björn Kimminich, AppSec Days - Summer of Security 2020, 25.08.2020
- OWASP Projects Panel hosted by OWASP WIA moderated by Zoe Braiterman with panelists Bjoern Kimminich, Glenn & Riccardo ten Cate and Spyros Gasteratos, 25.07.2020 (YouTube)
- OWASP ZAP Intro (Online) by Simon Bennetts, 48. OWASP Stammtisch Hamburg, 23.04.2020 (YouTube) 📣
- ZAP in Ten, Extended Edition: Automation Deepdive by Simon Bennetts, All Day DevOps Spring Break Edition, 17.04.2020 💡
- Juice Shop 9: Would you like a free refill? by Björn Kimminich, German OWASP Day 2019, 10.12.2019 (YouTube 💡)
- S' OWASP Saft-Lädeli / The OWASP Juice Shop by Björn Kimminich, OWASP Switzerland Chapter Meeting, 18.11.2019
- OWASP Juice Shop: The ultimate All Vuln WebApp by Björn Kimminich, All Day DevOps, 06.11.2019 (YouTube 💡)
- Juice Shop by Björn Kimminich, Project Showcase track of the Global AppSec Amsterdam 2019, 26.09.2019 (YouTube : bulb:)
- Elbsides vs. Juice Shop workshop with Björn Kimminich, Elbsides 2019, 16.09.2019
- Introduction to OWASP Juice Shop by Tim Corless-Carter, BSidesMCR 2019, 29.08.2019 (YouTube )
- JavaScript-Security: "Pwn" den Juice Shop workshop with Timo Pagel & Björn Kimminich, enterJS 2019, 25.06.2019
- Web Application Hacking with Burp Suite and OWASP ZAP training with Vandana Verma, Global Appsec Tel Aviv 2019, 28.05.2019
- A good first impression can work wonders: creating AppSec training that developers <3 by Leif Dreizler, LocoMocoSec 2019, 18.04.2019
- Pixels vs. Juice Shop workshop with Björn Kimminich, Pixels Camp v3.0, 21.03.2019
- OWASP Juice Shop - First you :-D :-D then you :,-( by Björn Kimminich, Pixels Camp v3.0, 21.03.2019 (YouTube : bulb:)
- News from the fruit press: Juice Shop 8 by Björn Kimminich, 39. OWASP Stammtisch Hamburg, 27.02.2019
- Back to Basics: Hacking OWASP JuiceShop by Jeremy Kelso, OWASP Knoxville Chapter Meeting, 24.01.2019
- Secure Your Pipeline by Omer Levi Hevroni, Negev Web Developers Meetup, 27.12.2018 (Slides)
- Juice Shop: OWASP's most broken Flagship by Björn Kimminich, OWASP BeNeLux Days 2018, 30.11.2018 (YouTube 💡)
- OWASP Zap by David Scrobonia, OWASP BeNeLux Days 2018, 30.11.2018 (YouTube)
- The traditional/inevitable OWASP Juice Shop update by Björn Kimminich, German OWASP Day 2018, 20.11.2018 (YouTube)
- Workshop: OWASP Juice Shop by Björn Kimminich, German OWASP Day 2018, 19.11.2018
- OWASP Portland Chapter Meeting - OWASP Juice Shop! facilitated by David Quisenberry, OWASP Portland Chapter, 08.11.2018
- OWASP Juice Shop - Public Lecture by Björn Kimminich, TalTech Infotehnoloogia Kolledž, 24.10.2018 (YouTube starting 14:55)
- JUGHH: Security Hackathon by iteratec, Java User Group Hamburg, 11.10.2018
- Playing with OWASP Juice Shop by Mohammad Febri R, Mozilla Indonesia, 05.08.2018 (Slides)
- OWASP Juice Shop どうでしょう by Manabu Niseki, OWASP Night 2018/7, 30.07.2018
- Usable Security Tooling - Creating Accessible Security Testing with ZAP by David Scrobonia, OWASP Meetup - SF July 2018, 26.07.2018 (YouTube)
- Building an AppSec Program with a Budget of $0: Beyond the OWASP Top 10 by Chris Romeo, OWASP AppSec Europe 2018, 06.07.2018 (YouTube) :mega:
- OWASP Juice Shop: Betreutes Hacken with OWASP Stammtisch Karlsruhe, 04.06.2018
- Hacking Workshop - Twin Cities vs. OWASP Juice Shop with Björn Kimminich, Secure360 Twin Cities, 17.05.2018
- OWASP Juice Shop - The Ultimate Vulnerable WebApp by Björn Kimminich, Secure360 Twin Cities, 16.05.2018
- OWASP MSP Chapter May Meeting with Björn Kimminich, OWASP MSP Meetup St Paul, 14.05.2018
- OWASP Juice Shop - The next chapter ... with Jaan Janesmae, CyberHackathon Tallinn, 30.04.2018
- OWASP Juice Shop Introduction at ChaosTreff Tallinn Weekly Meetup with Björn Kimminich, ChaosTreff Tallinn, 26.04.2018
- OWASP Juice Shop Intro and Getting Started with Jaan Janesmae, CyberHackathon Tallinn, 09.04.2018
- Web Application Security: A Hands-on Testing Challenge by Dan Billing, TestBash Brighton 2018, 15.03.2018
- OWASP Top 10 by Andrew van der Stock, OWASP AppSec California 2018, 30.01.2018 (YouTube starting 25:40)
- OWASP Juice Shop 5.x and beyond by Björn Kimminich, German OWASP Day 2017, 14.11.2017
- OWASP Juice Shop Introduction talk and AppSec Bucharest vs. OWASP Juice Shop hacking workshop by Björn Kimminich, OWASP Bucharest AppSec Conference 2017, 13.10.2017
- 2 Hour Hacking: Juice Shop by Timo Pagel, OWASP Los Angeles, 10.10.2017
- Hacking the OWASP Juice Shop with Björn Kimminich, OWASP North Sweden Chapter, 19.09.2017
- OWASP Juice Shop Workshop with Björn Kimminich, OWASP Stockholm Chapter, 18.09.2017
- Hacking session at Angular Talk & Code with Björn Kimminich, Angular Meetup Hamburg, 13.09.2017
- Capture The Flag - Security Game by Benjamin Brunzel, Jöran Tesse, Rüdiger Heins & Sven Strittmatter, solutions.hamburg, 08.09.2017
- OWASP Juice Shop - Einmal quer durch den Security-Saftladen by Björn Kimminich, solutions.hamburg, 08.09.2017
- Black Box Threat Modeling by Avi Douglen, BSides Tel Aviv 2017, Underground Track, 28.06.2017
- OWASP update by Katy Anton, OWASP Bristol (UK) Chapter, 22.06.2017
- Update on OWASP Projects & Conferences by Sam Stepanyan, OWASP London Chapter Meeting, 18.05.2017
- OWASP Juice Shop: Achieving sustainability for open source projects , AppSec Europe 2017 by Björn Kimminich, 11.05.2017 (YouTube)
- OWASP Juice Shop: Stammtisch-Lightning-Update by Björn Kimminich, 27. OWASP Stammtisch Hamburg, 25.04.2017
- Juice Shop Hacking Session by Jens Hausherr, Software-Test User Group Hamburg , 21.03.2017
- Hands on = Juice Shop Hacking Session by Björn Kimminich, Software Tester Group Hamburg (English-speaking), 16.03.2017
- Kurzvortrag: Hack the Juice Shop by Timo Pagel, PHP-Usergroup Hamburg, 14.02.2017
- Lightning Talk: What's new in OWASP Juice Shop by Björn Kimminich, German OWASP Day 2016, 29.11.2016
- Gothenburg pwns the OWASP Juice Shop by Björn Kimminich, OWASP Gothenburg Day 2016, 24.11.2016
- Hacking the OWASP Juice Shop by Björn Kimminich, OWASP NL Chapter Meeting, 22.09.2016 (YouTube, :godmode: in last 10min)
- Hacking-Session für Developer (und Pentester) by Timo Pagel, Kieler Open Source und Linux Tage, 16.09.2016
- Security-Auditing aus der Cloud – Softwareentwicklung kontinuierlich auf dem Prüfstand by Robert Seedorff & Benjamin Pfänder, SeaCon 2016, 12.05.2016
- Hacking the Juice Shop ("So ein Saftladen!") by Björn Kimminich, JavaLand 2016, 08.03.2016
- Hacking the JuiceShop! ("Hackt den Saftladen!") by Björn Kimminich, node.HH Meetup: Security!, 03.02.2016
- OWASP Top 5 Web-Risiken by Timo Pagel, node.HH Meetup: Security!, 03.02.2016
- Lightning Talk: Hacking the Juice Shop ("So ein Saftladen!") by Björn Kimminich, German OWASP Day 2015, 01.12.2015
- Juice Shop - Hacking an intentionally insecure JavaScript Web Application by Björn Kimminich, JS Unconf 2015, 25.04.2015
- So ein Saftladen! - Hacking Session für Developer (und Pentester) by Björn Kimminich, 17. OWASP Stammtisch Hamburg, 27.01.2015
- How to try GitHub Advanced Security with your team uses Juice Shop as an example for CI/CD integration in Code scanning in action with Juice Shop