The purpose of this task is to introduce you to a practical cyber security exercise. Organisations often ask for a “vulnerability assessment” or a “penetration test” of their systems. A vulnerability assessment is a systematic examination of core assets, measured against a set of criteria, to determine whether they pose a threat to the organisation. In a penetration test, an “attacker” attempts to gain access to a system and documents the process by which they achieved this.
We will work through the OWASP Juice Shop example using the TryHackMe platform. OWASP (the Open Web Application Security Project) publishes its Top 10 list of web application security risks, and this exercise is designed to showcase them using a deliberately vulnerable application. These vulnerabilities are all too commonly found in real-world web applications, so the methods covered here are highly relevant. In particular, we will focus on Injection, Broken Authentication, Sensitive Data Exposure, Broken Access Control and Cross-Site Scripting (XSS). More detail on the OWASP Top Ten is available on their web page: https://owasp.org/www-project-top-ten/
Stage 2: Injection
Stage 3: Broken Authentication
Stage 4: Sensitive Data Exposure
Stage 5: Administration
Stage 6: Cross-Site Scripting
Stage 7: Keep going
Thanks to Cake (TryHackMe Member) for hosting the OWASP Juice Shop example room.
Author: Phil Legg