Skip to content

Latest commit

 

History

History
30 lines (23 loc) · 1.19 KB

SECURITY.md

File metadata and controls

30 lines (23 loc) · 1.19 KB

Security Policy

OWASP Juice Shop is an intentionally vulnerable web application, but we still do not want to be suprised by zero day vulnerabilities which are not part of our hacking challenges. We are following the proposed Internet standard https://securitytxt.org so you can find our "security" policy in any running instance of the application at the expected location described in https://tools.ietf.org/html/draft-foudil-securitytxt-06. Finding it is actually one of our hacking challenges!

Supported Versions

We provide security patches for the latest released minor version.

Version Supported
12.4.x
<12.4

Reporting a Vulnerability

For vulnerabilities which are not part of any hacking challenge please contact bjoern.kimminich@owasp.org. In all other cases please contact our shop's "security team" at the address mentioned in the security.txt accessible through the running application.

Instead of fixing reported vulnerabilities we might turn them into hacking challenges! You might receive a reward for reporting a vulnerability that makes it into one of our challenges!