How to Hack OWASP Juice Shop - A Guided Walkthrough Showing All Solutions

Offered By: YouTube

Course Description

Overview

Embark on a comprehensive 7-hour guided walkthrough of OWASP's Juice Shop, mastering every challenge in this vulnerable web application. Explore a wide range of security vulnerabilities, including improper input validation, sensitive data exposure, XSS attacks, security misconfigurations, unvalidated redirects, and various injection techniques. Progress through increasingly complex challenges, from basic input validation issues to advanced topics like SQL injection, broken authentication, and cryptographic vulnerabilities. Gain hands-on experience in identifying and exploiting security flaws, while learning about proper security measures and best practices in web application development.

Syllabus

★ Zero Stars (Improper Input Validation).
★ Confidential Document (Sensitive Data Exposure).
★ DOM XSS (XSS).
★ Error Handling (Security Misconfiguration).
★ Missing Encoding (Improper Input Validation).
★ Outdated Whitelist (Unvalidated Redirects).
★ Privacy Policy (Miscellaneous).
★ Repetitive Registration (Improper Input Validation).
★ ★ Login Admin (Injection).
★ ★ Classic Stored XSS (XSS).
★ ★ Admin Section (Broken Access Control).
★ ★ Deprecated Interface (Security Misconfiguration).
★ ★ Five Star Feedback (Broken Access Control).
★ ★ Login MC SafeSearch (Sensitive Data Exposure).
★ ★ Password Strength (Broken Authentication).
★ ★ Security Policy (Miscellaneous).
★ ★ View Basket (Broken Access Control).
★ ★ Weird Crypto (Cryptographic Issues).
★ ★ ★ API-Only XSS (XSS).
★ ★ ★ Admin Registration (Improper Input Validation).
★ ★ ★ Björn's Favorite Pet (Broken Authentication).
★ ★ ★ Captcha Bypass (Broken Anti Automation).
★ ★ ★ Client-side XSS Protection (XSS).
★ ★ ★ Database Schema (Injection).
★ ★ ★ Forged Feedback (Broken Access Control).
★ ★ ★ Forged Review (Broken Access Control).
★ ★ ★ GDPR Data Erasure (Broken Authentication).
★ ★ ★ Login Amy (Sensitive Data Exposure).
★ ★ ★ Login Bender (Injection).
★ ★ ★ Login Jim (Injection).
★ ★ ★ Manipulate Basket (Broken Access Control).
★ ★ ★ Payback Time (Improper Input Validation).
★ ★ ★ Privacy Policy Inspection (Security through Obscurity).
★ ★ ★ Product Tampering (Broken Access Control).
★ ★ ★ Reset Jim's Password (Broken Authentication).
★ ★ ★ Upload Size (Improper Input Validation).
★ ★ ★ Upload Type (Improper Input Validation).
★ ★ ★ ★ Access Log (Sensitive Data Exposure).
★ ★ ★ ★ Ephemeral Accountant (SQL-Injection).
★ ★ ★ ★ Expired Coupon (Improper Input Validation).
★ ★ ★ ★ Forgotten Developer Backup (Sensitive Data Exposure).
★ ★ ★ ★ Forgotten Sales Backup (Sensitive Data Exposure).
★ ★ ★ ★ GDPR Data Theft (Sensitive Data Exposure).
★ ★ ★ ★ Legacy Typosquatting (Vulnerable Components).
★ ★ ★ ★ Login Bjoern (Broken Authentication).
★ ★ ★ ★ Misplaced Signature File (Sensitive Data Exposure).
★ ★ ★ ★ Nested Easter Egg (Cryptographic Issues).
★ ★ ★ ★ NoSQL Manipulation (Injection).
★ ★ ★ ★ ★ Change Bender's Password (Broken Authentication).
★ ★ ★ ★ ★ Extra Language (Broken Anti Automation).


Taught by

Hacksplained
