Security Policy

OWASP Juice Shop is an intentionally vulnerable web application, but we still do not want to be surprised by zero-day vulnerabilities that are not part of our hacking challenges. We follow the proposed Internet standard https://securitytxt.org, so you can find our "security" policy in any running instance of the application at the expected location described in https://tools.ietf.org/html/draft-foudil-securitytxt-06. Finding it is actually one of our hacking challenges!

Supported Versions

We provide security patches for the latest released minor version.

Version   Supported
9.2.x     Yes
<9.2      No

Reporting a Vulnerability

For vulnerabilities that are not part of any hacking challenge, please contact bjoern.kimminich@owasp.org. In all other cases, please contact our shop's "security team" at the address mentioned in our security.txt file.

Instead of fixing reported vulnerabilities, we might turn them into hacking challenges! You might receive a reward for reporting a vulnerability that makes it into one of our challenges!
