Explanation of Ideas
Juice Shop’s existing Score Board was rewritten from scratch once, when the project moved from AngularJS/Bootstrap to Angular/Material. Since then, new features, filters and information have been added to it over the years. It has grown to a point where it can be confusing for beginners. It has also become pretty slow to render over time.
After a big facelift project for all the other UI screens, the Score Board is now the one screen left that requires some special attention. As it is the heart and soul of the Juice Shop, any redesign or usability improvements must be thoroughly tested and strive for the best possible user experience.
Juice Shop’s upcoming Vulnerable Code Snippets serve as a foundation for an ambitious new training aspect: Coding challenges. In their current implementation the snippets come with a spoiler area for the actually vulnerable line(s) of code. Instead, they could offer a list of lines from which the user must select the actually vulnerable one, while the others simply act as ruses.
It could be extended by a code fixing aspect, where the user must select the right fix from a list of choices. Or even more ambitious, a code editor could be offered where the vulnerable line(s) must actually be fixed, and the code is then executed or statically checked in the background, to see if the vulnerability is gone.
Both parts - finding and fixing - could yield points on the Score Board, where the “hacking” and “coding” challenges could be tracked separately. It should be configurable whether the user must first solve the hacking challenge to be offered the corresponding coding challenge or whether both are available all the time. It is even conceivable to provide CTF flags for fixed code, so that hacking and fixing could both be offered as CTF challenges - effectively doubling the number of challenges in a Juice Shop-powered CTF event.
A new feature or improvement of an existing one that makes OWASP Juice Shop even better
Your code follows our existing style guides and passes all existing quality gates regarding code smells, test coverage etc.
Code that you write comes with automated tests that fit into our available test suites.