| title | layout | altfooter | tab | order | tags |
|---|---|---|---|---|---|
Learning |
true |
true |
4 |
juiceshop |
{% assign tutorials = site.data.challenges | where_exp: "item", "item.tutorial != null" | sort: "tutorial.order" %}
Click on a link in the table below to launch a step-by-step tutorial for that particular challenge on our public https://demo.owasp-juice.shop instance. If you are entirely new to the Juice Shop, we recommend doing them in the listed order. With the (optional) Tutorial Mode you can even enforce that the {{ tutorials.size }} tutorial challenges have to be performed gradually in order to unlock the other {{ site.data.challenges.size | minus: tutorials.size }} challenges.
{% for tutorial in tutorials %} {% endfor %}| Challenge | Category | Difficulty |
|---|---|---|
| {{ tutorial.name }} | {{ tutorial.category }} | {% assign difficulty = tutorial.difficulty | to_integer %} {% for i in (1..difficulty) %}⭐{% endfor %} |
| Coding Challenges | n/a | n/a |
{% assign categories = site.data.challenges | where_exp: "item", "site.data.snippets.challenges contains item.key" | group_by:"category" | sort: "name" %}
For {{ site.data.snippets.challenges.size }} challenges an additional coding challenge is available. In their "Find It" phase they teach
spotting vulnerabilities in the actual codebase of the Juice Shop. In the "Fix It" phase the user then chooses the most appropriate
fix from a list. Solve any of the hacking challenges below to enable a button on the Score Board that launches the corresponding
coding challenge:
| Category | # | Challenges |
|---|---|---|
| {{ category.name }} | {{ category.items.size }} | {{ category.items | group_by:"name" | sort: "name" | map: "name" | join: ", " }} |
| Total Σ | {{ site.data.snippets.challenges.size }} | |
{% assign mitigations = site.data.challenges | group_by:"mitigationUrl" | sort: "name" %}
For many solved challenges links to mitigation techniques are presented on the Score Board by offering a link to a corresponding OWASP Cheat Sheet explaining how to avoid that kind of vulnerability in the first place. The following cheat sheets are referred to by OWASP Juice Shop as mitigation links:
-
{% for mitigation in mitigations %}
{% if mitigation.name and mitigation.name.size != 0 %}
- {{ mitigation.name | remove: "https://cheatsheetseries.owasp.org/cheatsheets/" | remove: ".html" | replace: "_", " " }} {% endif %} {% endfor %}