OWASP Juice Shop – Achieving sustainability for open source projects

If you didn’t have the chance to be at the AppSecEU 2017 conference in Belfast or you didn’t make it to my talk there, here’s the official recording:

OWASP Juice Shop is a “shooting star” among broken web applications. To make sure it does not end as a “one-hit wonder”, the project embraces principles and techniques that enhance its sustainability, e.g. Clean Code, TDD, CI/CD, Quality Metrics and Mutation Testing.

In this session you will see how
– even a horrible language such as JavaScript can be written in a maintainable manner
– a complete and reliable test suite eliminates the “fear of change”
– automation is a key to increased productivity – even for small open source projects
– free-for-open-source SaaS tools can improve your development process

Where there is light, there is shadow! You will also learn
– about some limitations in the automation processes
– the pain of keeping JavaScript dependencies up to date
– why some 3rd party services had to be dropped

If the Internet gods are with us, we will even perform a production release of OWASP Juice Shop during the session!

You can find the original HTML5 slide deck at http://bkimminich.github.io/juice-shop/appseceu_2017.html. The slightly less fancy PDF version is available on SlideShare:

OWASP 24/7 Podcast: The Juice Shop Project

During the AppSecEU 2017 conference I was interviewed by Mark Miller for the Less than 10 Minutes Series of the OWASP 24/7 Podcast:

I recommend subscribing to the podcast, even though Mark deliberately butchers the project’s name as “Juice Box” in this and at least one other episode.