Juice Shop project postcard

For conference visitors it would be great to have a postcard or flyer with the basic information, links, logo etc. about the OWASP Juice Shop so they can try it out at home without having to actually remember all this. As the stickers and other merchandise only have the logo and no text or URLs, that’d be even more useful as a marketing tool.

Frontside content

• Main logo (the one without the flag)
• Vanity-URL (http://owasp-juice.shop) maybe also with QR code
• Summary (OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!)
• Twitter Handle (@owasp_juiceshop)
• “Customer” testimonials (The most trustworthy online shop out there. (@dschadow) — The best juice shop on the whole internet! (@shehackspurple) — Actually the most bug-free vulnerable application in existence! (@vanderaj)) presented in some cheesy way

Backside content

• Official URL (https://www.owasp.org/index.php/OWASP_Juice_Shop_Project)
• Main selling points (from https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) for the application project:
  • Free and Open source: Licensed under the MIT license with no hidden costs or caveats
  • Easy-to-install: Choose between node.js, Docker and Vagrant to run on Windows/Mac/Linux
  • Self-contained: Additional dependencies are pre-packaged or will be resolved and downloaded automatically
  • Self-healing: The simple SQLite and MarsDB databases are wiped and repopulated from scratch on every server startup
  • Gamification: The application notifies you on solved challenges and keeps track of successfully exploited vulnerabilities on a Score Board
  • Re-branding: Fully customizable in business context and look & feel to your own corporate or customer requirements
  • CTF-support: Challenge notifications optionally contain a flag code for your own Capture-The-Flag events
• Avatar in lower right corner, maybe with some cheesy remark in comic speech bubble
• ℹ️ The architecture diagram should not appear on the backside (as it offers too little information value to typical Juice Shop users)

Visually separated (small) subsection (on backside)

• Sub-header: Juice Shop CTF Extension
• CTF extension logo
• Summary (The NPM package juice-shop-ctf-cli lets you create an archive compatible with popular CTF-server data backup formats to conveniently set up a Capture the Flag event against OWASP Juice Shop!)
• NPM-Link (https://www.npmjs.com/package/juice-shop-ctf-cli)
• ℹ️ This whole subsection should not take more than 1/4 of the card’s backside space!

Miscellaneous requirements

• Have an “On Sale”-style sticker saying “Free companion guide available at ebook.owasp-juice.shop!”
• Highlight the fact that Juice Shop is an OWASP Flagship Project