Hands on Threat Modeling Juice Shop (Deployment & Operations)

Get together to create models (diagrams) of Juice Shop to help us find problems with it, learn threat modelling, and deliver examples. This is all about answering the question of what Juice Shop is and building models of it.


Dinis proposed a set of evening sessions to create threat model artefacts & examples for the Juice Shop vulnerable app.


  • Create models/diagrams that show various aspects of Juice Shop (Model 1: What’s the app? Model 2: How does it get deployed? Model 3: How is it “developed and maintained”? etc.)
  • Apply various techniques to answer the question “what are we working on?”
  • Through the course of the day, we will look at various ways to slice and model Juice Shop, with a goal of being aligned with other sessions, so you can pop in for a part of the day, and learn a bit of threat modeling.


Synopsis and Takeaways

Following on from the morning session, the deployment and its processes were discussed. This session showcased Juice Shop's dependency packages and the code that calls them. The Juice Shop release process was shown in detail, and a diagram of this process was created.


  • Solid overview of the continuous integration/deployment pipeline.
  • Diagram created of DevOps overview.
  • Diagram created of the monitoring infrastructure.


The target audience for this Working Session is:

  • Participants in the threat modeling track
  • Participants interested in Juice Shop
  • Those who want to learn to threat model

