Google Summer of Code 2019 Work Product Submission



OWASP Foundation (Juice Shop Project)

Arpit Agrawal

I am presently pursuing a degree in Computer Science and Engineering at the Indian Institute of Technology, Dharwad. From the age of fifteen, I have been exploring the field of Computer Security and have developed a strong passion for it. I started in this field by reading various research papers and blogs, auditing online courses and tutorials, and implementing the learned tricks and tools. I even managed to find security vulnerabilities in my college network. An early motivator in my open-source journey was my first commit to the Metasploit Framework. As days progressed, I was introduced to OWASP, and Juice Shop then became my major source of learning.


Merged Pull Requests

Repository: Description

  - juice-shop: Implementation of multiple user types
  - juice-shop: Implementation of stock inventory
  - juice-shop: Implementation of Accounting user
  - juice-shop: Implementation of limit on the purchase of specific items
  - juice-shop: Add address component
  - juice-shop: Implementation of Payment Method Component
  - juice-shop: Add Order Summary Page
  - juice-shop: Add quantity labels
  - juice-shop: Quantity refactoring
  - juice-shop: Add Order Confirmation Page
  - juice-shop: Fix Build, Modify Data Type
  - juice-shop: Payment component
  - juice-shop: Implement Delivery methods
  - juice-shop: Pre-store Addresses and Cards, Change card expiry year range
  - juice-shop: Implement Order History
  - juice-shop: Implement Digital Wallet View
  - juice-shop: Implement Deluxe Membership Purchase View
  - juice-shop: Make icons green according to the status of an order
  - juice-shop: Implement Photo wall
  - juice-shop: Make delivery box image customizable
  - juice-shop: Merge payment routes
  - juice-shop: Add memory to data export, add twitter button
  - juice-shop: Add addresses to recycle component
  - juice-shop: Deals & Offers for deluxe members
  - juice-shop: Fix code errors
  - pwning-juice-shop: Update happy path


Feature Pack 2019

Features

The project can be broken down in terms of the following features.

  1. Stock Inventory: Maintaining stocks of available products in the Juice Shop brings it very close to realistic scenarios where people are unable to order the desired quantity of goods, either due to unavailability or due to a restriction on the quantity of an item.
  2. Payment Gateway: With this additional feature, users will be able to pay for their products (no money involved; dummy/fake cards).
  3. Juice Shop Wallet: The wallet provides a convenient and technologically quick method for consumers to purchase products from the Juice Shop.
  4. Delivery methods and Order history: This feature can be added to involve scheduling of events in the Juice Shop, and it also brings it very close to the realistic scenario where people have multiple delivery options to choose from (depending on how early they need their products vs. how much they are willing to pay).
  5. Juice Shop Deluxe Membership: A feature to provide privileged membership to the users of the Juice Shop, giving them various benefits such as free one-day delivery, no quantity limits on purchases, and special deals and offers in exchange for a membership fee.
  6. Photo Wall and Tweet Button: It allows registered users to upload their juiciest memories on a photo wall, and adding a tweet button to the shop will help it reach security enthusiasts all around the world.

Why did I choose this idea for the project?

When I first browsed the Juice Shop idea list, the idea seemed to be very interesting and fun in the sense that I was allowed to think of features without any restriction and implement them.

As a user of the Juice Shop, I always felt the need for a few features such as a payment gateway and an order history page. I also thought it would be nice to have features such as privileged membership and a wallet, which is a growing trend in e-commerce at present. This motivated me to pursue the project right from the moment I saw it.

Challenges

There were times during the GSoC period when I faced various challenges, but I was able to complete it with research, consistency and, most importantly, the guidance of my mentors, who were always there for me throughout the GSoC page, for which I am grateful. I learned a lot from them, and it was an extremely great experience to work under their mentorship.

Thanking Note

I extend my sincere gratitude to all readers for taking the time to read this report. I would also like to thank everyone who helped me in contributing to the project and honing my skills.