Bjoern Kimminich

Tuesday, March 17, 2020

Releasing Juice Shop v10.0.0 live from the beach of Cancun at the OWASP Projects Summit was a really unique event. The summit allowed us to really concentrate on some larger long-term ideas we had.

One of them was harmonizing the UI/UX, especially in the recently extended checkout process. Another was adding more tutorial scripts for the Hacking Instructor that guides beginners through some of the easier challenges in the Juice Shop.

But also some spontaneous ideas were implemented in Mexico, such as a GitHub Action called LMLFTFY (“Let me lint:fix that for you”) that - if necessary - does exactly what the name suggests after each git push .

Juice Shop 10 also contains many other enhancements from before the summit: The Angular 8 to 9 migration; a refactoring of the structure & naming in the customization YAML file format; a brand new Prometheus metrics endpoint that delivers application health stats, “business KPIs” and challenge progress information.

The summit allowed us to really concentrate on some larger long-term ideas we had.

The latter already has one happy consumer: The convenient Kubernetes-based MultiJuicer v3.0.0 platform already adds a fancy Grafana dashboard per Juice Shop instance running on it. The metrics can for example help trainers to keep track of how their students are doing with challenges. They also allow them to provide better technical troubleshooting thanks to real-time log monitoring. Please note that only MultiJuicer 3.x is compatible with Juice Shop 10.x.

As always, you can find the fully updated companion guide to OWASP Juice Shop online and in various eBook formats on LeanPub! Latest additions to Pwning OWASP Juice Shop include: Recommendations on how to teach automation of security tools using OWASP Juice Shop; a guide to writing Hacking Instructor tutorials; Completely renewed customization instructions for making your own Juice Shop theme.











Juice Shop 10 comes with Angular 9, harmonized UI/UX, additional tutorials and much more shenanigans!

One last thing: If you’d like to help us make the Juice Shop even better, please consider filling out our annual online survey and tell us more about your Juice Shop use cases, runtime environment, experience and feedback!