OWASP Juice Shop

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • juice-shop

    OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

  • This is awesome! Convenient for folks who use the Express/Angular stack but conceptual stuff should be pretty universal regardless.

    Wasn't aware of this project at all but found the following links useful for context:

    The actual Juice Shop website can be found at https://juice-shop.herokuapp.com/#/

    and the GitHub link for viewing code is https://github.com/juice-shop/juice-shop/releases/

  • damn-vulnerable-js-sca

    An intentionally vulnerable JavaScript app containing notable vulnerabilities in its dependencies.

  • We've been working on an example vulnerable app to showcase vulnerable dependencies in web apps. (Think a CVE in an NPM package.)

    I've been wanting that so that I can test out different security scanning and patching tools, but also actually build a test playground to exploit vulnerable dependencies. (I want to accelerate exploit development for CVEs by making it more standardized.)

    If you have a CVE that you'd like to write a POC exploit scenario for, you can add it to this project quickly and easily with pre-built templates[1]! (Wasp[2] is an awesome project that simplifies web dev tooling complexity.)

    Are there any other projects with similar goals that anybody is aware of? Asking because I couldn't find any, but I'd love to merge efforts if somebody is already doing this!

    0: https://github.com/lunasec-io/damn-vulnerable-js-sca

    1: https://github.com/lunasec-io/damn-vulnerable-js-sca/tree/ma...

    2: https://wasp-lang.dev/

  • wasp

    The fastest way to develop full-stack web apps with React & Node.js.

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
