Björn Kimminich – Gothenburg pwns the OWASP Juice Shop (workshop)

Posted on Updated on

Björn KimminichOWASP Juice Shop is an intentionally insecure web app made for pentesting and security awareness trainings. It as written entirely in the most sophisticated, beautiful and secure language on the planet: Javascript! With reference to the OWASP Vulnerable Web Applications Directory it seems to be the first (intentionally) broken web app published using Express/Angular/Node! In this session you will…

…learn why and how the Juice Shop was created! (25min)

…join Joe Average on a regular customer’s shopping tour! (5min)

…actively search and mercilessly exploit vulnerabilities in the application… (120min)

…thus releasing lots of happiness hormones as more and more achievement notifications light up in bright green! (instantly during hacking)

…be shown some of the harder challenge solutions on stage (10min)

Please bring your own laptop with a local installation of OWASP Juice Shop to the workshop! The application can be run locally on node.js, as a Docker container or in a Vagrant VM: You can also bring all your favorite pentesting tools! Or just your favorite browser! Both works fine for hacking the Juice Shop!

If someone feels like translating ( the application into Swedish before the OWASP Gothenburg Day, I’ll bring a Juice Shop t-shirt to the event and hand it over live on stage! For everyone else, there will be free laptop stickers and also pin-back buttons!

Björn is a “hands-on coding architect” working for over 10 years in the area of software development, IT architecture and application security. His most sophisticated open source work ( is the intentionally insecure web application Juice Shop, which recently became an OWASP Tool Project.