Juice Shop Update


The Juice Shop track of the OWASP Summit 2017 was not only a very enjoyable experience but also produced some really tangible output!

In the final morning session on Friday, June 16th I triggered the production release of the v4.0.0 version. It comes with new business functionality, challenges, convenience feats and technical advances!

While the (fully automated) release is underway, I am happy to give an overview of the newly-added features and maybe some participants already want to try and be the first to conquer them? 🥇

You can find the full list of changes in the release notes below:

Incompatible Changes

  • removed support for Node.js 7.x
  • Docker images node7-* consequently are not built any more
  • Snapshot Docker images named *-develop are not built any more. Please use *-snapshot images instead.

Platform Support

  • added support for Node.js 8.x (#332)


  • Users can ask for pomace recycling pickup or delivery of a box to send pomace back in (#243)
  • During registration users now have to pick and answer a security question (#323)
  • Users can now reset their password authenticating with the answer to their security question (#323)
  • Hacking progress is not automatically saved and restored after a server restart (#309)
  • Add awareness training example by @wurstbrot with huge visual and data privacy impacts (#316, only available when running as Vagrant box. Also available on YouTube: 📺)

OWASP Summit 2017 Challenge Pack

  • Added 3 challenges on security questions (#323)
  • @ViktorLindstroem added 1 challenge on the used JWT secret (#336)


  • Disabled an invalid way to solve the Forged Feedback challenge
  • Postpone websocket event registration until after data creator is finished (#345)


  • Added Hebrew translation (by @avidouglen)
  • Split server-side tests into isolated unit tests (for /routes) and frisby.js-based API tests


  • Several smaller translation updates
  • Provided config quiet.yml (muting most notifications & hiding hints and GitHub ribbon)
  • Provided config juicebox.yml (for those who have a hard time pronouncing jo͞osSHäp)
  • Streamlined README.md documentation (remove duplicate content w/ official owasp.org project page)
  • Added section on Lectures and Trainings to RESOURCES.md
  • Added several blog posts and other coverage

I would like to thank the following awesome summit participants 🏆 for their valuable contributions during or in between the various coding sessions:

Viktor Lindström, Avi Douglen, Timo Pagel

Kudos also go to

Enjoy hacking the hell out of OWASP Juice Shop v4.0.0! 😈

(Source: Juice Shop v4.0.0 Live Release blog post by Björn Kimminich)
