Jono's Corner

OWASP Security Workshop 2024

At Udemy we had a two-day workshop/game given a couple of times a year for anyone who wanted to join. It was a fun way of introducing penetration testing to web application developers.

As developers, we may know to use the right database library to prevent things like SQL injection, but do we ever really get to experience a real SQL injection?

So we review the top 10 web vulnerabilities, put on our hacker hats and practice penetration testing.

There is a great project called the OWASP Juice Shop that is a modern PHP web app, full of vulnerabilities. Even better, the app has an area that describes specific challenges and keeps track of your progress.

I have adapted my own version of running this workshop. It's low overhead and can be done both as a group and individually, self-directed. I ran the workshop over a day with the development team while working at Populus. It went well and I got some valuable feedback. I plan to repeat this tradition at future workplaces and will continue to refine it each time.

TODO: post actual workshop instructions here