Topic 3: Basics of OWASP

Assignment: Injection Testing

Objective:

In this assignment, you will perform manual injection testing on the vulnerable web application “OWASP Juice Shop” hosted at https://juice-shop.herokuapp.com/#/. Injection testing is a technique used to identify and exploit vulnerabilities in which untrusted user input is interpreted by the application as part of a command or query, allowing an attacker to manipulate or execute commands the application never intended.

Your Role:

  1. Access the OWASP Juice Shop: Open a web browser and go to the URL https://juice-shop.herokuapp.com/ to access the OWASP Juice Shop web application. This application contains various vulnerabilities for testing purposes.
  2. Explore the Application: Spend some time navigating the OWASP Juice Shop website to familiarize yourself with its features and functionalities. Note that this web application is intentionally vulnerable, and you should only perform testing on this specific instance.
  3. Identify Injection Points: Begin by identifying potential injection points on the application. These are areas where user input is processed, such as search fields, login forms, or URL parameters.
  4. Test Case Creation: Create a spreadsheet to document your injection test cases. Each test case should include the following information:
    1. Injection Point: The location on the website where the injection will be attempted (e.g., search field, login form).
    2. Injection Type: The type of injection you will perform (e.g., SQL injection, XSS).
    3. Test Description: A brief description of the test case and the potential vulnerability it aims to exploit.
    4. Expected Result: The expected outcome of the test case (e.g., successful injection, error message).
    5. Actual Result: The actual result observed during testing.
    6. Vulnerability Severity: Rate the severity of the potential vulnerability (e.g., High, Medium, Low).
  5. Perform Injection Tests: Conduct the injection tests based on the test cases you created. Attempt different injection techniques and input data to see if you can trigger any vulnerabilities. Always ensure that you are only testing on the provided OWASP Juice Shop instance and not on any live production systems.
  6. Document Findings: Record your findings and observations in the spreadsheet. Include details of successful injections, error messages, and any other relevant information.
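
The following Python script is an added example, not part of the assignment or of Juice Shop's own code. It shows what one SQL-injection test case from the spreadsheet above looks like when run against two versions of a login check: a string-concatenated query and its parameterized fix. The in-memory SQLite table, the sample account and the `login_*` function names are constructed for this illustration and do not reflect Juice Shop's real schema.

```python
import csv
import io
import sqlite3

COLUMNS = ["Injection Point", "Injection Type", "Test Description",
           "Expected Result", "Actual Result", "Vulnerability Severity"]

def make_db():
    # Constructed sample table; not Juice Shop's real schema (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin@example.test', 'hunter2')")
    return conn

def login_vulnerable(conn, email, password):
    # String concatenation: user input becomes part of the SQL syntax.
    sql = (f"SELECT email FROM users WHERE email = '{email}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None

def login_hardened(conn, email, password):
    # Bound parameters: the driver treats the input strictly as data.
    sql = "SELECT email FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchone() is not None

def run_test_case(login, point, description, email, password):
    """Run one login test and return it as a row in the assignment's format."""
    authenticated = login(make_db(), email, password)
    actual = "login bypassed" if authenticated else "login rejected"
    return {
        "Injection Point": point,
        "Injection Type": "SQL injection",
        "Test Description": description,
        "Expected Result": "login rejected (input treated as data)",
        "Actual Result": actual,
        "Vulnerability Severity": "High" if authenticated else "None",
    }

def rows_to_csv(rows):
    """Serialise test-case rows using the six spreadsheet columns."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    payload = "' OR '1'='1"  # textbook tautology placed in the password field
    rows = [run_test_case(f, "login form", "tautology in password field",
                          "anyone@example.test", payload)
            for f in (login_vulnerable, login_hardened)]
    print(rows_to_csv(rows))
```

The same test case yields "login bypassed" against the concatenated query and "login rejected" against the parameterized one, which is the Expected vs. Actual comparison the spreadsheet is meant to capture.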

Submission:

Once you have completed the injection testing and filled out the spreadsheet with your findings, save the file in a suitable format (e.g., Excel, CSV). Ensure that the file is organized and easy to understand. Then, submit the file using the submission form located at the bottom of the page where these activity details are displayed.

Note: Always practice responsible testing and refrain from causing any harm to the application or its users. Stick to the provided OWASP Juice Shop instance for testing purposes only. Avoid testing on any live or production websites without explicit permission.
