OWASP Juice Shop is an intentionally vulnerable web application with 110+ hacking challenges covering SQL injection, XSS, and many other real-world vulnerabilities. The talk covers a live demo of the shop's normal functionality followed by demonstrations of exploiting SQL injection and XSS vulnerabilities. Key ecosystem features include: a hacking instructor for guided learning, a scoreboard, full rebranding support via YAML config, Cypress-based end-to-end tests that exploit all challenges, a Grafana monitoring dashboard, and MultiJuicer — a Kubernetes-based platform for running isolated Juice Shop instances per team in workshops. A new 3D animated globe CTF scoreboard visualization is previewed. The maintainers also discuss the growing problem of AI-generated spam pull requests threatening open source sustainability. The tech stack is Node.js/Express/Angular with SQLite, and MultiJuicer is written in Go.

1h 4m watch time