Skip to content

Lab 03 Security Misconfiguration

Jump to bottom
Tomas Rosenqvist edited this page Nov 19, 2018 · 4 revisions

Security Misconfiguration

Challenge "Provoke an error that is not very gracefully handled"

Attempt to login with an incorrectly formatted email address

  1. Go to the login form.
  2. Enter ' as the email
  3. Enter any password.
  4. Attempt to log in.
  5. Notice the error message.

Questions

  • What did the error message tell you?
    • If you have time, see if you can provoke error messages in other places or with different input the Juice Shop to see what information you may obtain from the error messages.
  • What is the risk to the Juice Shop in this scenario?
  • What is the risk to a general web app in this type of scenario?

Recommended reading

Clone this wiki locally