Track: | OWASP Juice Shop |
---|---|
When: | Thu AM-1 |
Where: | Montague |
Organizers | Bjoern Kimminich |
Participants | Arpit Agrawal, Jannik Hollenbach, Martin Rock-Evans |
Why
The Juice Shop offers 85+ hacking challenges spread across 6 difficulty levels. It is time to review their categories and difficulty ratings for overall consistency and possible improvements.
What
- Discuss the need for more (or less?) challenge categories
- Map to additional existing vulnerability catalogs
- Discuss the need for more (or less?) difficulty levels
- Define criteria to map challenges to difficulties more easily (e.g. "Scripting needed?" or "Multi-step attack required?")
- Map the existing challenges to the aligned difficulty levels
Outcomes
This working session can result in e.g.
- pros and cons of the current categorization and difficulty rating schemes
- recommendation for new categories (or ones to be removed/merged)
- recommendation for changes in the difficulty levels
- mapping to get from the current state to the proposed new state
The documentation of all the above will be put into (or referred to by) a GitHub issue in the Juice Shop repository.