Hacking the juice shop - get started with security testing
Half-day workshop - in English
Security testing seems to be viewed as an extremely complicated area where only experts can contribute. In this workshop, we’ll demonstrate that in truth, there’s plenty you can do without being an expert in security testing.
We have worked in a number of teams where security testing was seen as something you buy as a service from an external vendor; then you try to make sense of the report and hopefully figure out what to change. After reading a number of those reports, we realized that not only did the same issues keep coming back, they were also things we should be able to check for ourselves on a regular basis instead of paying top dollar for someone else to do it once a year. By introducing just a few new checks into the regular testing of most web applications, we can gain confidence in ourselves and in the security of our systems. Bringing in a security expert is of course still valuable, but now we can let them focus on the trickier stuff.
The OWASP Juice Shop is an intentionally insecure web application, designed as an exercise and training environment for quality engineers and developers of all skill levels. In this workshop, we will use it as our lab environment as we go over the current OWASP Top 10 list of web application risks. We’ll guide you through some handy tricks and tools for solving some of the Juice Shop challenges and reflect on how these can be used in your everyday work. The focus will be on “low-hanging fruit”, i.e. things that can be done quickly and are easily applied regardless of the situation. Hopefully this will leave you with a lot of new ideas, a hunger for learning more and an itch to solve all the challenges of the Juice Shop!
The format will be a variant of a Capture the Flag event, where you will try out the practices as we go through them.
- Things you can introduce into your regular testing process today
- Introduction to some security testing tools
- You don’t have to be an expert to start!
- Ideas on how to delve deeper once you get comfortable with the basics
Primarily for: Developers, testers/test leads, UX specialists
Participant requirements: Laptop with a browser, OWASP ZAP, Postman and a Juice Shop instance set up (detailed setup instructions will be sent out beforehand)