Did you write a blog post, magazine article or do a podcast about or mentioning OWASP Juice Shop? Add it to this file and open a PR! The same goes for conference or meetup talks, workshops or trainings you did where this project was mentioned or used!
💡 indicates resources that contain hints for solving challenges of the OWASP Juice Shop. These are supposed to be helpful whenever you get stuck. indicates resources that spoiler entire challenge solutions so you might not want to view them before tackling these challenges yourself! 📣 marks short friendly shout outs. Finally, the 💵 bill marks commercial resources.
- Heroku Button of the Month in November 2017 (📷)
- HackerSploit Youtube channel:
- Application Security Podcast:
- Episode 4.17: The Joy of the Vulnerable Web: JuiceShop (S04E17)
- Episode 4.20: Security Culture Hacking: Disrupting the Security Status Quo (S04E20) 📣
- Recorded live streams from the Twitch/Mixer OWASP DevSlop Show:
- Webcast recording on Signal Sciences: Secure Development Lessons from Purposely Insecure Applications
- 7 Minute Security Podcast:
- Episode #318: Interview with Bjorn Kimminich of OWASP Juice Shop
- Shout outs in various episodes: #342, #310, #309, #306 and #282 📣
- Episode #234: 7MS #234: Pentesting OWASP Juice Shop - Part 5 (Youtube)
- Episode #233: 7MS #233: Pentesting OWASP Juice Shop - Part 4 (Youtube)
- Episode #232: 7MS #232: Pentesting OWASP Juice Shop - Part 3 (Youtube)
- Episode #231: 7MS #231: Pentesting OWASP Juice Shop - Part 2 (Youtube)
- Episode #230: 7MS #230: Pentesting OWASP Juice Shop - Part 1 (Youtube)
- Episode #229: 7MS #229: Intro to Docker for Pentesters (Youtube)
- Video tutorial about automating web application security scans with OWASP ZAP using Juice Shop as the tested app: All you need is Zaproxy - Security Testing for WebApps Made Easy
- Interview on OWASP 24/7 Podcast: Less than 10 Minutes Series: The Juice Shop Project
- Blog post on Omer Levi Hevroni's blog: Hacking Juice Shop, the DevSecOps Way
- Blog post on Jannik Hollenbach's blog: Testing out ModSecurity CRS with OWASP JuiceShop
- OWASP Portland Chapter meeting writeup on the Daylight Blog: Vulnerability Hunting Practice Using OWASP Juice Shop
- Blog post on Security Boulevard: From Dev to InfoSec Part 1 – The Journey Begins
- Blog post on Null Byte :: WonderHowTo: Beginner's Guide to OWASP Juice Shop, Your Practice Hacking Grounds for the 10 Most Common Web App Vulnerabilities
- Blog posts on DevelopSec - Developing Better Security:
- Blog posts on Jason Haley - Ramblings from an Independent Consultant:
- Blog post on Josh Grossman's blog: Setting up an OWASP Juice Shop CTF
- Blog post on Mozilla Hacks: Hands-On Web Security: Capture the Flag with OWASP Juice Shop
- Blog post (:de:) on heise Developer: Sicherheits-Etikette: Security in der Softwareentwicklung 📣
- Blog Post on Stuart Winter-Tear's Blog: OWASP Juice Shop Vulnerable Webapp (Peerlyst cross-post)
- Blog posts on OWASP Summit 2017:
- Vulnerable website collection on Bonkers About Tech: 40+ Intentionally Vulnerable Websites To (Legally) Practice Your Hacking Skills
- Hacking-session writeup on Testhexen: Learning Application Security – Fun with the Juice Shop
- Blog post (:myanmar:) on LOL Security: Juice Shop Walkthrough
- Blog post on IncognitJoe:
Hacking(and automating!) the OWASP Juice Shop
- Automated solving script for the OWASP Juice Shop written in Python as mentioned in above blog post
- Guest post (:de:) on Informatik Aktuell: Juice Shop - Der kleine Saftladen für Sicherheitstrainings
- Guest post on The official Sauce Labs Blog: Proving that an application is as broken as intended
- Teaser post on Björn Kimminich's Blog: Juice Shop
- Finding Website Vulnerabilities with Burp chapter of the Mastering Kali Linux Network Scanning video course by Brian Johnson 💵
- University lecture on "IT Security" as Open Educational Resources material by Björn Kimminich
- Descargar aqui el taller OWASP Top 10 Hands On basado en OWASP Top 10 y Juice Shop (:es:) by Mateo Martinez, Gerardo Canedo and Maxiimiliano Alonzo, OWASP Uruguay Chapter
- Security in Web Applications by Timo Pagel, Fachhochschule Kiel
- Web Application Security Training by Björn Kimminich
- Secure Your Pipeline by Omer Levi Hevroni, Negev Web Developers Meetup, 27.12.2018 (Slides)
- Juice Shop: OWASP's most broken Flagship by Björn Kimminich, OWASP BeNeLux Days 2018, 30.11.2018 (Youtube 💡)
- OWASP Zap by David Scrobonia, OWASP BeNeLux Days 2018, 30.11.2018 (Youtube)
- The traditional/inevitable OWASP Juice Shop update by Björn Kimminich, German OWASP Day 2018, 20.11.2018 (Youtube)
- Workshop: OWASP Juice Shop by Björn Kimminich, German OWASP Day 2018, 19.11.2018
- OWASP Portland Chapter Meeting - OWASP Juice Shop! facilitated by David Quisenberry, OWASP Portland Chapter, 08.11.2018
- OWASP Juice Shop - Public Lecture by Björn Kimminich, TalTech Infotehnoloogia Kolledž, 24.10.2018 (Youtube starting 14:55)
- JUGHH: Security Hackathon by iteratec, Java User Group Hamburg, 11.10.2018
- Playing with OWASP Juice Shop by Mohammad Febri R, Mozilla Indonesia, 05.08.2018 (Slides)
- OWASP Juice Shop どうでしょう by Manabu Niseki, OWASP Night 2018/7, 30.07.2018
- Usable Security Tooling - Creating Accessible Security Testing with ZAP by David Scrobonia, OWASP Meetup - SF July 2018, 26.07.2018 (Youtube)
- Building an AppSec Program with a Budget of $0: Beyond the OWASP Top 10 by Chris Romeo, OWASP AppSec Europe 2018, 06.07.2018 (Youtube) :mega:
- OWASP Juice Shop: Betreutes Hacken with OWASP Stammtisch Karlsruhe, 04.06.2018
- Hacking Workshop - Twin Cities vs. OWASP Juice Shop with Björn Kimminich, Secure360 Twin Cities, 17.05.2018
- OWASP Juice Shop - The Ultimate Vulnerable WebApp by Björn Kimminich, Secure360 Twin Cities, 16.05.2018
- OWASP MSP Chapter May Meeting with Björn Kimminich, OWASP MSP Meetup St Paul, 14.05.2018
- OWASP Juice Shop - The next chapter ... with Jaan Janesmae, CyberHackathon Tallinn, 30.04.2018
- OWASP Juice Shop Introduction at ChaosTreff Tallinn Weekly Meetup with Björn Kimminich, ChaosTreff Tallinn, 26.04.2018
- OWASP Juice Shop Intro and Getting Started with Jaan Janesmae, CyberHackathon Tallinn, 09.04.2018
- Web Application Security: A Hands-on Testing Challenge by Dan Billing, TestBash Brighton 2018, 15.03.2018
- OWASP Top 10 by Andrew van der Stock, OWASP AppSec California 2018, 30.01.2018 (Youtube starting 25:40)
- OWASP Juice Shop 5.x and beyond by Björn Kimminich, German OWASP Day 2017, 14.11.2017
- OWASP Juice Shop Introduction talk and AppSec Bucharest vs. OWASP Juice Shop hacking workshop by Björn Kimminich, OWASP Bucharest AppSec Conference 2017, 13.10.2017
- 2 Hour Hacking: Juice Shop by Timo Pagel, OWASP Los Angeles, 10.10.2017
- Hacking the OWASP Juice Shop with Björn Kimminich, OWASP North Sweden Chapter, 19.09.2017
- OWASP Juice Shop Workshop with Björn Kimminich, OWASP Stockholm Chapter, 18.09.2017
- Hacking session at Angular Talk & Code with Björn Kimminich, Angular Meetup Hamburg, 13.09.2017
- Capture The Flag - Security Game by Benjamin Brunzel, Jöran Tesse, Rüdiger Heins & Sven Strittmatter, solutions.hamburg, 08.09.2017
- OWASP Juice Shop - Einmal quer durch den Security-Saftladen by Björn Kimminich, solutions.hamburg, 08.09.2017
- Black Box Threat Modeling by Avi Douglen, BSides Tel Aviv 2017, Underground Track, 28.06.2017
- OWASP update by Katy Anton, OWASP Bristol (UK) Chapter, 22.06.2017
- Juice Shop and related working sessions, OWASP Summit 2017, 12.-16.06.2017
- Update on OWASP Projects & Conferences by Sam Stepanyan, OWASP London Chapter Meeting, 18.05.2017
- OWASP Juice Shop: Achieving sustainability for open source projects, AppSec Europe 2017 by Björn Kimminich, 11.05.2017 (Youtube)
- OWASP Juice Shop: Stammtisch-Lightning-Update by Björn Kimminich, 27. OWASP Stammtisch Hamburg, 25.04.2017
- Juice Shop Hacking Session by Jens Hausherr, Software-Test User Group Hamburg, 21.03.2017
- Hands on = Juice Shop Hacking Session by Björn Kimminich, Software Tester Group Hamburg (English-speaking), 16.03.2017
- Kurzvortrag: Hack the Juice Shop by Timo Pagel, PHP-Usergroup Hamburg, 14.02.2017
- Lightning Talk: What's new in OWASP Juice Shop by Björn Kimminich, German OWASP Day 2016, 29.11.2016
- Gothenburg pwns the OWASP Juice Shop by Björn Kimminich, OWASP Gothenburg Day 2016, 24.11.2016
- Hacking the OWASP Juice Shop by Björn Kimminich, OWASP NL Chapter Meeting, 22.09.2016 (Youtube, :godmode: in last 10min)
- Hacking-Session für Developer (und Pentester) by Timo Pagel, Kieler Open Source und Linux Tage, 16.09.2016
- Security-Auditing aus der Cloud – Softwareentwicklung kontinuierlich auf dem Prüfstand by Robert Seedorff & Benjamin Pfänder, SeaCon 2016, 12.05.2016
- Hacking the Juice Shop ("So ein Saftladen!") by Björn Kimminich, JavaLand 2016, 08.03.2016
- Hacking the JuiceShop! ("Hackt den Saftladen!") by Björn Kimminich, node.HH Meetup: Security!, 03.02.2016
- OWASP Top 5 Web-Risiken by Timo Pagel, node.HH Meetup: Security!, 03.02.2016
- Lightning Talk: Hacking the Juice Shop ("So ein Saftladen!") by Björn Kimminich, German OWASP Day 2015, 01.12.2015
- Juice Shop - Hacking an intentionally insecure JavaScript Web Application by Björn Kimminich, JS Unconf 2015, 25.04.2015
- So ein Saftladen! - Hacking Session für Developer (und Pentester) by Björn Kimminich, 17. OWASP Stammtisch Hamburg, 27.01.2015