Hacking the Juice Shop ("So ein Saftladen!")

A session at JavaLand 2016

Tuesday 8th March, 2016

2:00pm to 2:40pm (CET)

Juice Shop* (http://bkimminich.github.io/juic...) is an intentionally insecure web application written in Node.js, Express and AngularJS, suitable for pentesting practice and security awareness trainings. It is the first application written entirely in JavaScript to be listed in the OWASP Directory. It also appears to be the first deliberately broken web app built on the currently popular architecture of an SPA/RIA frontend talking to a RESTful backend.

In this talk I will show why and how the app was created, followed by a demo of how to hack it. Prepare for some nasty XSS, SQLi and CSRF flaws bundled with some seriously broken access control and business logic - all in one single application!

(*Translating "dump" or "useless outfit" into German yields "Saftladen" which can be reverse-translated word by word into "juice shop". Hence the project name. That the initials "JS" match with those of "JavaScript" was purely coincidental!)

About the speaker

Björn Kimminich

IT Architect at Kuehne+Nagel, Clean Coder, OWASP Juice Shop Project Leader, Java Lecturer at FH Nordakademie


JavaLand 2016

Brühl, Germany

8th to 10th March 2016
