Keynotes

Once upon a time, developers and security experts relied on mostly server-side rendered vulnerable applications to train their web hacking skills. In 2014 the Juice Shop entered the stage as one of the first Rich Internet Application representatives.

What started as a personal pet project with two dozen hacking challenges, became an OWASP Flagship project shortly after and grew in size, scope and use case coverage significantly over the years. Join Björn Kimminich on a 10th anniversary tour through the origins, history and evolution of OWASP Juice Shop from 2014 to 2024, including new juicy hacking delicacies as well as some crazy shenanigans happening in and around the project.

About Björn

Björn works as Product Group Lead Application Ecosystem at Kuehne+Nagel, responsible – among other things – for the Application Security program in the corporate IT.

He is an OWASP Lifetime Member, project leader of the OWASP Juice Shop, and a co-chapter leader for the OWASP Germany Chapter. Björn also currently chairs the OWASP Project Committee.

Humans tend to prefer convenience over security, which often leads to unsecure IT configurations and processes. Based on red team engagements in multiple companies of various sizes, these tendencies manifest in similar ways, providing an attacker several quick wins to escalate privileges, move to further servers in the network, and ultimately gain the keys to the kingdom. This talk will present how red teaming works and what common mistakes are exploited by attackers to achieve their goals.

About Yvonne

Yvonne has 6 years of experience in penetration testing and red teaming. She is currently a Senior Red Teamer at Deutsche Telekom Security GmbH.