All Trainings
This workshop is free to attend No training fee. Just grab your free ticket to secure your seat. Capacity is limited, so registration is required.

About This Workshop

The OWASP Juice Shop is the world's most widely used deliberately insecure web application. This is your chance to learn from the person who built it. In this workshop you'll get to use it, break it, and then go behind the scenes to understand how it's developed, tested, and maintained as a thriving open source project.

You'll get hands-on time hacking real vulnerabilities: Broken Access Control, Injection, XSS, Sensitive Data Exposure and more; with guided demos and mob hacking sessions to make sure everyone keeps up. Then Björn flips the script to show you what's running under the hood: the GitHub org, CI/CD pipelines, contributor guidelines, and how the project handles AI-generated spam and slop.

"The runtime of each chapter will be determined by the participants of the workshop, so that you get the most out of the available time. It's your workshop, so you should have the last word about the prioritization and approach!"

Your Trainer

Björn Kimminich
Björn Kimminich
Project Leader OWASP Juice Shop · Product Group Lead at Kuehne+Nagel · OWASP Lifetime Member

Björn works as Product Group Lead Application Ecosystem at Kuehne+Nagel, responsible, among other things, for the Application Security program in the global IT. He is an OWASP Lifetime Member, project leader of the OWASP Juice Shop, and a co-chapter leader for the OWASP Germany Chapter. Björn also currently chairs the OWASP Project Committee.

Workshop Chapters

0
Chapter Zero

Running the Juice Shop

  • What the project is and what it offers
  • Registering for an instance on the MultiJuicer cluster for the workshop
  • How you can run Juice Shop at home after the event
1
Chapter One

Hacking the Juice Shop

  • Learning the basics of common application vulnerabilities (Broken Access Control, Injection, XSS, Sensitive Data Exposure…)
  • Individual hacking time to try solving related challenges
  • Demo walkthroughs so everyone has a chance to catch up
  • Mob hacking sessions to tackle the more difficult challenges together
2
Chapter Two

Building the Juice Shop

  • Overview of the Juice Shop's GitHub org and main repositories
  • Learning about test automation and CI/CD workflows of the project
  • Guidance and rules for contributors and their AI agents
  • How Juice Shop handles the very real problem of AI slop and spam contributions

Who Should Attend

Ready to Hack the Shop?

This workshop is free! A ticket is still required to secure your seat, as capacity is limited.

Register Free