by cmsefton 1776 days ago
One of the best resources out there to learn about API hacking has to be OWASP Juice Shop https://owasp.org/www-project-juice-shop/

We ran it as an exercise at work to learn about security vulnerabilities, and it was great fun and highly educational. Really recommend it.

2 comments

Yeah I can confirm this. We did it in our company too and it was really fun!
> did it in our company

How much time did it take? (for one person to do it)

I'm intrigued, could you elaborate on how you ran it? Was it a one-day event, or something people did in their 10% time, or something else?
Sure, we ran it over a couple of months. Generally, people did it in their spare time outside of office hours, or in 10% time, as long as it didn't impact work delivery. Everyone installed it locally using Docker, and then we had a centralised server that ran the scoreboard for everyone to share and add their capture-the-flag tokens. We did a couple of presentations about interesting solutions as well to drum up support.

We did a write-up on our blog if you're interested: https://purplelabs.eagleeye.com/blog/the-hackathon-capture-t...

Thank you!