Juice Shop Challenge Refactoring

Track: OWASP Juice Shop
When: Thu AM-1
Where: Montague
Organizers: Bjoern Kimminich
Participants: Arpit Agrawal, Jannik Hollenbach, Martin Rock-Evans

Why

The Juice Shop offers 85+ hacking challenges spread across 6 difficulty levels. It is time to review their categories and difficulty ratings for overall consistency and possible improvements.

What

  • Discuss the need for more (or fewer?) challenge categories
    • Map to additional existing vulnerability catalogs
  • Discuss the need for more (or fewer?) difficulty levels
    • Define criteria to map challenges to difficulties more easily (e.g. “Scripting needed?” or “Multi-step attack required?”)
    • Map the existing challenges to the aligned difficulty levels

Outcomes

This working session can result in e.g.

  • pros and cons of the current categorization and difficulty rating schemes
  • recommendation for new categories (or ones to be removed/merged)
  • recommendation for changes in the difficulty levels
  • mapping to get from the current state to the proposed new state

The documentation of all the above will be put into (or referred to by) a GitHub issue in the Juice Shop repository.

Register as participant

To register as a participant, add Juice Shop Challenge Refactoring to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

