M. Riegler, J. Sametinger: Mode Switching for Secure Web Applications – A Juice Shop Case Scenario. In: Kotsis G. et al. (eds) Database and Expert Systems Applications - DEXA 2021 Workshops, September 27.-27.2021, DEXA 2021, Communications in Computer and Information Science, vol 1479. Springer, Cham. DOI: 10.1007/978-3-030-87101-7_1.
Switching modes is a general mechanism that is used in many domains. We have suggested using it for security purposes to make systems more resilient when vulnerabilities are known or when attacks are performed. OWASP provides several vulnerable web applications for testing and training security skills. Our idea is to apply mode switching to one of these applications in order to demonstrate its usefulness in increasing security. We have chosen Juice Shop as our sample application. In this paper (i) we suggest a multi-modal architecture for web applications; (ii) we present Juice Shop as our web application scenario; and (iii) we show first reflections on how mode switching can reduce attack surfaces and, thus, increase resilience.