Juice-shop: Juice Shop project postcard

Created on 12 Apr 2018  ·  5Comments  ·  Source: bkimminich/juice-shop

For conference visitors it would be great to have a postcard or flyer with the basic information, links, logo etc. about the OWASP Juice Shop so they can try it out at home without having to actually remember all this. As the stickers and other merchandise only have the logo and no text or URLs, that'd be even more useful as a marketing tool.

Frontside content

  • Main logo (the one without the flag)
  • Vanity-URL (http://owasp-juice.shop) maybe also with QR code
  • Summary (OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!)
  • Twitter Handle (@owasp_juiceshop)
  • "Customer" testimonials (The most trustworthy online shop out there. (@dschadow) — The best juice shop on the whole internet! (@shehackspurple) — Actually the most bug-free vulnerable application in existence! (@vanderaj)) presented in some cheesy way

Backside content

  • Official URL (https://www.owasp.org/index.php/OWASP_Juice_Shop_Project)
  • Main selling points (from https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) for the application project:

    • Free and Open source: Licensed under the MIT license with no hidden costs or caveats

    • Easy-to-install: Choose between node.js, Docker and Vagrant to run on Windows/Mac/Linux

    • Self-contained: Additional dependencies are pre-packaged or will be resolved and downloaded automatically

    • Self-healing: The simple SQLite and MarsDB databases are wiped and repopulated from scratch on every server startup

    • Gamification: The application notifies you on solved challenges and keeps track of successfully exploited vulnerabilities on a Score Board

    • Re-branding: Fully customizable in business context and look & feel to your own corporate or customer requirements

    • CTF-support: Challenge notifications optionally contain a flag code for your own Capture-The-Flag events

  • Avatar in lower right corner, maybe with some cheesy remark in comic speech bubble
  • ℹ️ _The architecture diagram should _not_ appear on the backside (as it offers too little information value to typical Juice Shop users)_

Visually separated (small) subsection (on backside)

  • Sub-header: _Juice Shop CTF Extension_
  • CTF extension logo
  • Summary (The NPM package juice-shop-ctf-cli lets you create an archive compatible with popular CTF-server data backup formats to conveniently set up a Capture the Flag event against OWASP Juice Shop!)
  • NPM-Link (https://www.npmjs.com/package/juice-shop-ctf-cli)
  • ℹ️ _This whole subsection should not take more than 1/4 of the card's backside space!_

Miscellaneous requirements

  • Have an "On Sale"-style sticker saying _"Free companion guide available at ebook.owasp-juice.shop!"_
  • Highlight the fact that Juice Shop is an _OWASP Flagship Project_
desiglayout good first issue help wanted

Most helpful comment

I could create it during the OWASP Summit.

All 5 comments

I could create it during the OWASP Summit.

This issue has been automatically marked as stale because it has not had recent activity. It will be _closed in two weeks_ if no further activity occurs. :heart: Thank you for your contributions to OWASP Juice Shop!

99designs contest is being wrapped up, designs will be uploaded to OWASP Swag repo afterwards.

This thread has been automatically locked because it has not had recent activity after it was closed. :lock: Please open a new issue for regressions or related bugs.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

bkimminich picture bkimminich  ·  7Comments

bkimminich picture bkimminich  ·  8Comments

bkimminich picture bkimminich  ·  4Comments

toptuto picture toptuto  ·  7Comments

bkimminich picture bkimminich  ·  6Comments