OWASP Juice Shop

This lesson is to introduce you to a practical web application, and demonstrate some initial cyber security issues that show the website to be vulnerable to attack.

Learning Objectives

Understand how SQL injection and password brute force attacks can be used against the vulnerable website.
Identify vulnerable data storage methods within the website.
Understand different forms of Cross-Site Scripting attacks.

Task

https://owasp.org/www-project-juice-shop/

Online Demo - https://juice-shop.herokuapp.com/#/
Presentation on Juice Shop - https://juice-shop.github.io/juice-shop/#/

What's the Administrator's email address?
What parameter is used for searching?
What show does Jim reference in his review?
Log into the administrator account!
Log into the Bender account!
Bruteforce the Administrator account's password!
Reset Jim's password!
Access the Confidential Document!
Log into MC SafeSearch's account!
Download the Backup file!
Access the administration page!
View another user's shopping basket!
Remove all 5-star reviews!
Perform a DOM XSS!
Perform a persistent XSS!
Perform a reflected XSS!
Access the /#/score-board/ page (provides even more challenges!)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly