Juice Shop Brainstorming


OWASP Juice Shop Project is an intentionally insecure webapp for security training written entirely in JavaScript and which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express, and AngularJS. The application contains more than 30 challenges of varying difficulty where the user should exploit the underlying vulnerabilities. Apart from being useful for hacker and awareness training, pentesting proxies or security scanners can also use Juice Shop as a “guinea pig” application to check how well their tools cope with JavaScript-heavy application frontends and REST APIs.


Ideas for potential new hacking challenges are currently collected in the OWASP Summit Challenge Pack 2017 milestone on GitHub. In this working session we will brainstorm & design many of the existing - and hopefully several entirely new - challenges that we will be implemented by on-site and remote particpants in the Juice Shop Coding Day and Juice Shop Coding Night sessions. Production release is planned for the final day of the summit in the Juice Shop Release session.

Juice Shop logo Juice Shop Screenshot Slideshow

We will also consider planned functional enhancements of the Juice Shop CTF-extension and its improved integration with CTFd. Ideas for the CTF-extension are currently gathered as enhancement-issues on GitHub.

Juice Shop CTF logo asciicast


This working session will gather, discuss and design the following:

  • GitHub issues for several new challenges in OWASP Juice Shop
  • GitHub issues for new functional enhancements to place challenges in, e.g. user stories like the Order Dashboard and Pomace Recycling(done!)
  • GitHub issues for functional and convenience improvements to the Juice Shop CTF-extension
  • Updated project roadmap for OWASP Juice Shop and its CTF-extension
Juice Shop CTF-Extension
Ready Stories Ready Stories

Synopsis and Takeaways

Preparation of some user stories and new hacking challenges for the Juice Shop Creation of new ideas to implement in the evening sessions Went through github issue list and decided what could be implemented whilst at Summit.


The target audience for this Working Session is:

  • Security professionals
  • Trainers, instructors
  • Developers

Working materials


…add content…

Back to list of all Working Sessions and Tracks

Edit this page here