MultiJuicer is an official part of the Juice Shop OWASP project and the official multi user platform for Juice Shop since end of may 2023. MultiJuicer helps organisations to run interactive security trainings and hackathons which are both fun and very effective in teaching developers about security vulnerabilities in web applications. Ensuring that developers are knowledgeable about security is one of the most important pillars in ensuring the security of your applications. Getting Developers up to speed on security topics is also extremely important to get proper DevSecOps practices started in software development projects.
1. What is MultiJuicer?
MultiJuicer started off in a small hackathon here at iteratec all the way back in 2015, aiming to address these challenges. The goal of the project was to help us run our security trainings more effectively by providing Juice Shop instances to all participants. It allows the trainers to centrally manage Juice Shop instances, automatically spin up new Juice Shop instances when they are needed and automatically delete instances which are no longer used. MultiJuicer also tracks the hacking progress of the participants and has a simple score board to track the progress.
MultiJuicer runs on Kubernetes and can be installed on pretty much any Kubernetes / OpenShift cluster with a single `helm install` command. For more information and documentation check out the MultiJuicer GitHub repository.
2. What is OWASP Juice Shop?
The OWASP Juice Shop is an intentionally vulnerable web application and is widely used for security trainings and Capture the Flag events. It is developed Open Source and is provided to everyone, for free. However, using it for trainings usually requires participants to spin up their own Juice Shop instance, which takes valuable time at the beginning of a training, and may also encounter unexpected problems, like corporate proxies that are blocking the installation.
3. Why we donate MultiJuicer to OWASP
In 2019, we released MultiJuicer as an Open Source project on GitHub and have since then seen a great number of people successfully use MultiJuicer for their own security trainings and some really fun capture the flag events. We are now really happy to announce the next step in the MultiJuicer journey: MultiJuicer is an official part of the OWASP Juice Shop project. 🎉
The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software by growing a community of people developing software and documentation to improve software security around the globe. The Juice Shop project is one of its flagship projects and now Multi Juicer is a part of the Juice Shop project.
Today, iteratec has transferred the project from its GitHub organization into the official Juice Shop organization, making MultiJuicer an official part of the Juice Shop project and the official multi-user solution for Juice Shop.
We hope this step will help to increase visibility for the project and help more people to integrate it into their security journey in their organizations!
"This might not seem like a big deal at first glance, but it has more impact than you might think. MultiJuicer was already successful on its own, but coming under the OWASP umbrella makes it obviously more visible to the overall community."