- Target: OWASP Juice Shop (hosted at
juice-shop.herokuapp.com) - Purpose: To demonstrate penetration testing methodology, vulnerability documentation, and professional reporting skills.
This project documents a simulated penetration test against the OWASP Juice Shop. The goal was to identify and analyze vulnerabilities, assess their potential business impact, and provide clear recommendations for remediation.
The assessment followed a standard penetration testing methodology:
- Reconnaissance: Gathering information about the application and its underlying technology stack.
- Scanning & Enumeration: Using automated tools and manual techniques to identify potential points of entry, services, and vulnerabilities.
- Exploitation: Attempting to exploit identified vulnerabilities to confirm their existence and assess their impact.
- Post-Exploitation: (Not applicable in this scope) Determining the extent of access and potential for lateral movement.
- Reporting: Documenting all findings, providing a risk rating, and detailing remediation steps.
- Burp Suite: For intercepting and modifying HTTP/S traffic.
- OWASP ZAP: For automated scanning and spidering.
- Nmap: For initial port and service enumeration.
- Web Browser Developer Tools: For client-side code inspection.
The full, detailed findings and remediation recommendations are available in the main report file: