University engagement

Co-authored by Fabio Cerullo

OWASP Juice Shop is an excellent platform for universities to engage students and faculty in practical software security education. This chapter outlines how universities can get involved with the project, particularly targeting software engineering students and professors interested in hands-on learning opportunities.

Why get involved?

Contributing to OWASP Juice Shop offers various educational benefits. Many universities recognize contributions to open-source projects as valid academic work, allowing students to earn course credits by doing so. Furthermore, working on an open-source project provides hands-on involvement in coding, testing, and security best practices. Those benefits could be considered rather generic. OWASP Juice Shop, however, has some unique features that make it stand out from many other open-source projects when it comes to collaboration and involvement.

World-wide usage in enterprises and academia

Juice Shop is used by security professionals, trainers, lecturers, and developers world-wide. Becoming an active contributor to the project comes with recognition in the industry and provides real value to a massively popular and highly used learning tool. It is especially worth noting that Juice Shop is already used at many universities in their security curricula. Improving the project therefore makes it even more useful in the long term to the professors and lecturers who use it.

Sophisticated automation of quality control

From the get-go, the author of OWASP Juice Shop took care to have good test coverage, code linting and other checks available in an automated way. Our CI/CD pipeline makes it quite hard to accidentally break functionality of the project without it being noticed. This is a perfect environment for students to gain experience in, and it hopefully also motivates them to write better code and more automated tests themselves.

Areas of contribution

There are many ways for software engineering students to contribute to the project, ranging from small UI fixes to developing entirely new security challenges.

Coding new challenges

Students can contribute by developing new security challenges that demonstrate real-world vulnerabilities. This process typically involves understanding common web application security flaws and implementing the challenge logic in the backend. To provide a complete experience, creators also develop corresponding frontend components and write comprehensive documentation to guide other users through the new challenge.

User interface and frontend development

The frontend of OWASP Juice Shop offers numerous opportunities for improvement and innovation. Contributions in this area might focus on enhancing the user interface for better usability, implementing responsive design features, or improving accessibility for all users. Adding new visual elements for existing or new challenges is also a common way for students with a focus on web design to get involved.

Backend and infrastructure

Backend contributions are vital for the long-term sustainability of the project. This includes API development and optimization, database schema improvements, and the implementation of new security features. Students can also work on performance enhancements to ensure the application remains snappy even as more challenges and features are added over time.

Getting started as a contributor

Taking the first steps towards contributing is straightforward. The first point of reference should always be the contribution guidelines, which provide essential information on the project’s standards and processes. After reviewing the guidelines, students should set up their local development environment by following the instructions in the codebase overview.

Once the environment is ready, joining the community discussions on GitHub is the best way to stay informed and get to know the maintainers. For those looking for a place to start, issues labeled with "good first issue" are specifically curated to be beginner-friendly and provide a smooth introduction to the codebase.

Integrating Juice Shop into the curriculum

Professors and lecturers can leverage OWASP Juice Shop in various ways to enrich their security courses. Assigning contribution tasks as course projects allows students to gain real-world experience while earning academic credit. The platform is also ideally suited for use in security labs and exercises, where students can practice identifying and exploiting vulnerabilities in a safe, controlled environment. Detailed information on how to conduct such trainings can be found in our Trainer’s Guide.

Beyond regular coursework, professors can encourage student-led research on web application vulnerabilities or organize university-wide Capture The Flag (CTF) events using the Juice Shop’s built-in CTF mode. This not only fosters a competitive and fun learning atmosphere but also builds a stronger security community within the university.

Contact and support

For questions about university involvement or academic partnerships, please reach out through the project’s official channels. Technical discussions are best held via GitHub Issues, while the OWASP Juice Shop Slack channel provides a space for more informal community interaction. Please prefer our officially provided feedback channels, but you may also reach out to Björn Kimminich directly via email. We welcome universities of all sizes and encourage diverse participation in making web application security education more accessible to everyone.