This lesson introduces a practical, intentionally vulnerable web application (OWASP Juice Shop) and demonstrates some initial cyber security issues that show the website to be vulnerable to attack. By the end of the lesson you should be able to:
- Understand how SQL injection and password brute force attacks can be used against the vulnerable website.
- Identify vulnerable data storage methods within the website.
- Understand different forms of Cross-Site Scripting attacks.
- Project page - https://owasp.org/www-project-juice-shop/
- Online Demo - https://juice-shop.herokuapp.com/#/
- Presentation on Juice Shop - https://juice-shop.github.io/juice-shop/#/
Challenges to complete on the Juice Shop instance:
- What's the Administrator's email address?
- What parameter is used for searching?
- What show does Jim reference in his review?
- Log into the administrator account!
- Log into the Bender account!
- Brute-force the Administrator account's password!
- Reset Jim's password!
- Access the Confidential Document!
- Log into MC SafeSearch's account!
- Download the Backup file!
- Access the administration page!
- View another user's shopping basket!
- Remove all 5-star reviews!
- Perform a DOM XSS!
- Perform a persistent XSS!
- Perform a reflected XSS!
- Access the /#/score-board/ page (provides even more challenges!)