https://github.com/OpenSecuritySummit/oss2019

title        : Juice Shop Challenge Refactoring
type         : working-session
technology   :
track        : OWASP Juice Shop
topics       :
featured     : yes
when_day     : Wed
when_time    : AM-1
room_layout  :
room_id      :
session_slack: https://os-summit.slack.com/messages/CK1D4FCSK
status       : review-content
description  : Refactoring the categories and difficulty ratings of the OWASP Juice Shop challenges
organizers   : Bjoern Kimminich
participants :

WHY

The Juice Shop offers 85+ hacking challenges spread across 6 difficulty levels. It is time to review their categories and difficulty ratings for overall consistency and possible improvements.

What

• Discuss the need for more (or less?) challenge categories

  • Map to additional existing vulnerability catalogs

• Discuss the need for more (or less?) difficulty levels

  • Define criteria to map challenges to difficulties more easily (e.g. "Scripting needed?" or "Multi-step attack required?")

  • Map the existing challenge to the aligned difficulty levels

References

• Current categories with OWASP/CWE mapping

• Current difficulty mapping of all challenges