Juice Shop Challenge Refactoring

Track:OWASP Juice Shop
When:Thu AM-1
OrganizersBjoern Kimminich Bjoern Kimminich
ParticipantsArpit Agrawal Arpit Agrawal , Jannik Hollenbach Jannik Hollenbach , Martin Rock-Evans Martin Rock-Evans


The Juice Shop offers 85+ hacking challenges spread across 6 difficulty levels. It is time to review their categories and difficulty ratings for overall consistency and possible improvements.


  • Discuss the need for more (or less?) challenge categories
    • Map to additional existing vulnerability catalogs
  • Discuss the need for more (or less?) difficulty levels
    • Define criteria to map challenges to difficulties more easily (e.g. “Scripting needed?" or “Multi-step attack required?")
    • Map the existing challenge to the aligned difficulty levels


This working session can result in e.g.

  • pros and cons of the current categorization and difficulty rating schemes
  • recommendation for new categories (or ones to be removed/merged)
  • recommendation for changes in the difficulty levels
  • mapping to get from the current state to the proposed new state

The documentation of all the above will be put into (or referred to by) a GitHub issue in the Juice Shop repository.


Register as participant

To register as participant add Juice Shop Challenge Refactoring to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

Back to list of all Working Sessions