diff --git a/content/posts/OWASPJuiceShopDeployingSecuring/Six/index.md b/content/posts/OWASPJuiceShopDeployingSecuring/Six/index.md index 9337209..f14bb33 100644 --- a/content/posts/OWASPJuiceShopDeployingSecuring/Six/index.md +++ b/content/posts/OWASPJuiceShopDeployingSecuring/Six/index.md @@ -76,7 +76,7 @@ The easiest way I know of to try out fiddling with such things is to submit a va I do wonder at this point, though, whether I can do a GET request to the Feedbacks endpoint mentioned earlier. I try just requesting it via cURL, but get an error an invalid token. Presumably, I need to include some header or another for the endpoint to accept it. I'll try again via the dev tools, but first the zero-star rating (just in case I muck something up). I update the rating entry in the replayed request's body to 0 and hit send. Success! The ID on the response to this one is 9, suggesting that the feedback items are indeed stored with sequential IDs. -{{< figure src="Solved_zero_stars.png" title="One down, many to go." alt="A screenshot of the OWASP Juice Shop's challenge completion banner, stating that the "Zero Stars" challenge was completed successfully." >}} +{{< figure src="Solved_zero_stars.png" title="One down, many to go." alt="A screenshot of the OWASP Juice Shop's challenge completion banner, stating that the 'Zero Stars' challenge was completed successfully." >}} ### While I'm Here 
@@ -244,4 +244,4 @@ For paid training resources, I understand that [Pentester Academy](https://www.p Lastly, if you think this stuff seems pretty neat, and you might like to do it professionally, you could look at becoming a penetration tester. It's not the right path for me, but it might be for you. It generally pays pretty well, and if they get bored with pentesting, pentesters generally seem to be able to go on to high-flying jobs in the cyber defence side of things. Having not done it myself, I can't speak too much to how to go about trying to get in, so I'll point you to Simon Howard's excellent resource on the topic: [Getting Started as a Penetration Tester in NZ (2023 Edition)](https://www.linkedin.com/pulse/getting-started-penetration-tester-nz-2023-edition-simon-howard). Mr Howard is very well respected in the New Zealand security industry, and can be considered reasonably authoritative on the matter. The post is New Zealand-focused, but I imagine a huge amount of the information applies in most countries around the world. By the time you read this, he may well have written a later edition, so it might be worth seeing if you can find that one. -Oh, and last of all but most importantly: **DON'T COMMIT CRIMES**. Use your newfound hacking powers for good, and _always_ get permission (preferably explicit written permission) from the owners & administrators of any system you target, _before_ you take any action against it. Seriously, the difference between criminal acts and a paying job can sometimes be as simple as whether you asked first. If people say no, then move on. There are plenty of targets out there already for you to practice with. \ No newline at end of file +Oh, and last of all but most importantly: **DO NOT COMMIT CRIMES**. Use your newfound hacking powers for good, and _always_ get permission (preferably explicit written permission) from the owners & administrators of any system you target, _before_ you take any action against it. 
Seriously, the difference between criminal acts and a paying job can sometimes be as simple as whether you asked first. If people say no, then move on. There are plenty of targets out there already for you to practice with. \ No newline at end of file
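Review bot: In the first hunk (@@ -76,7 +76,7 @@), the context paragraph directly above the figure reads "but get an error an invalid token", which is missing a word. Since this commit already touches the neighbouring line, change it to "but get an error about an invalid token". On the changed line itself, the single quotes around 'Zero Stars' keep the alt value inside one double-quoted shortcode parameter. It is worth searching the rest of the post for other figure shortcodes with double quotes nested inside a double-quoted alt or title, so they are fixed in the same commit.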
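Review bot: In the second hunk (@@ -244,4 +244,4 @@), the added side still carries "\ No newline at end of file", so the file continues to end without a trailing newline. The last line is being rewritten anyway, so add the newline here. Also confirm the line break between "against it." and "Seriously," if it is present in the committed file: a single newline in Markdown does not start a new paragraph, so use either a blank line (if a new paragraph is intended) or one unbroken line.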