How to Hack OWASP Juice Shop - A Guided Walkthrough Showing All Solutions

via YouTube

Overview

Embark on a comprehensive 7-hour guided walkthrough of OWASP's Juice Shop, mastering every challenge in this vulnerable web application. Explore a wide range of security vulnerabilities, including improper input validation, sensitive data exposure, XSS attacks, security misconfigurations, unvalidated redirects, and various injection techniques. Progress through increasingly complex challenges, from basic input validation issues to advanced topics like SQL injection, broken authentication, and cryptographic vulnerabilities. Gain hands-on experience in identifying and exploiting security flaws, while learning about proper security measures and best practices in web application development.

Syllabus

★ Zero Stars (Improper Input Validation).
★ Confidential Document (Sensitive Data Exposure).
★ DOM XSS (XSS).
★ Error Handling (Security Misconfiguration).
★ Missing Encoding (Improper Input Validation).
★ Outdated Whitelist (Unvalidated Redirects).
★ Privacy Policy (Miscellaneous).
★ Repetitive Registration (Improper Input Validation).
★ ★ Login Admin (Injection).
★ ★ Classic Stored XSS (XSS).
★ ★ Admin Section (Broken Access Control).
★ ★ Deprecated Interface (Security Misconfiguration).
★ ★ Five Star Feedback (Broken Access Control).
★ ★ Login MC SafeSearch (Sensitive Data Exposure).
★ ★ Password Strength (Broken Authentication).
★ ★ Security Policy (Miscellaneous).
★ ★ View Basket (Broken Access Control).
★ ★ Weird Crypto (Cryptographic Issues).
★ ★ ★ API-Only XSS (XSS).
★ ★ ★ Admin Registration (Improper Input Validation).
★ ★ ★ Björn's Favorite Pet (Broken Authentication).
★ ★ ★ Captcha Bypass (Broken Anti Automation).
★ ★ ★ Client-side XSS Protection (XSS).
★ ★ ★ Database Schema (Injection).
★ ★ ★ Forged Feedback (Broken Access Control).
★ ★ ★ Forged Review (Broken Access Control).
★ ★ ★ GDPR Data Erasure (Broken Authentication).
★ ★ ★ Login Amy (Sensitive Data Exposure).
★ ★ ★ Login Bender (Injection).
★ ★ ★ Login Jim (Injection).
★ ★ ★ Manipulate Basket (Broken Access Control).
★ ★ ★ Payback Time (Improper Input Validation).
★ ★ ★ Privacy Policy Inspection (Security through Obscurity).
★ ★ ★ Product Tampering (Broken Access Control).
★ ★ ★ Reset Jim's Password (Broken Authentication).
★ ★ ★ Upload Size (Improper Input Validation).
★ ★ ★ Upload Type (Improper Input Validation).
★ ★ ★ ★ Access Log (Sensitive Data Exposure).
★ ★ ★ ★ Ephemeral Accountant (SQL-Injection).
★ ★ ★ ★ Expired Coupon (Improper Input Validation).
★ ★ ★ ★ Forgotten Developer Backup (Sensitive Data Exposure).
★ ★ ★ ★ Forgotten Sales Backup (Sensitive Data Exposure).
★ ★ ★ ★ GDPR Data Theft (Sensitive Data Exposure).
★ ★ ★ ★ Legacy Typosquatting (Vulnerable Components).
★ ★ ★ ★ Login Bjoern (Broken Authentication).
★ ★ ★ ★ Misplaced Signature File (Sensitive Data Exposure).
★ ★ ★ ★ Nested Easter Egg (Cryptographic Issues).
★ ★ ★ ★ NoSQL Manipulation (Injection).
★ ★ ★ ★ ★ Change Bender's Password (Broken Authentication).
★ ★ ★ ★ ★ Extra Language (Broken Anti Automation).

Taught by

Hacksplained
