lab 1 #353

Open
ssspamqe wants to merge 3 commits into inno-devops-labs:main from ssspamqe:main

Conversation


@ssspamqe ssspamqe commented Feb 9, 2026

Goal

Perform initial triage, deployment, and security risk assessment of the OWASP Juice Shop (v19.0.0) application as part of the Lab 1 submission.

Changes

  • Deployed OWASP Juice Shop using Docker image bkimminich/juice-shop:v19.0.0.
  • Configured local access via 127.0.0.1:3000 to minimize network exposure.
  • Conducted a surface snapshot to verify core functionalities (Login, Registration, Product Listing).
  • Analyzed and documented top 3 security risks:
    • Missing security headers (CSP, HSTS).
    • Vulnerability to SQL Injection in the login form.
    • Use of unencrypted HTTP protocol.

Testing

  • Deployment Verification: Confirmed the container is running and accessible at http://127.0.0.1:3000.
  • Health Checks:
    • Verified home page load via browser.
    • Attempted API verification via curl -s http://127.0.0.1:3000/rest/products (noted unexpected path handling).
  • Vulnerability Testing:
    • Manually confirmed SQL injection vulnerability by injecting a single quote (') into the login field, which revealed internal database query structures.
    • Inspected HTTP response headers using curl -I to confirm the absence of standard security protections.

Artifacts & Screenshots

Checklist

  • PR title clearly describes the changes
  • Documentation updated if needed
  • No secrets or large temporary files included
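The header inspection described in the Testing section above (reading a `curl -I` response and confirming that CSP and HSTS are absent) can be turned into a repeatable check. The following is an added example written for this review and is not code from the PR or from the Juice Shop project. It parses a raw HTTP/1.x response head and reports which hardening headers are missing, notes when the URL is plain `http://` (where browsers ignore HSTS anyway), and flags stack disclosure via `X-Powered-By`. `SAMPLE_RESPONSE` is a constructed header block, not a capture from a real Juice Shop instance; `EXPECTED_HEADERS`, `parse_headers` and `audit_headers` are names chosen for this example.

```python
from urllib.parse import urlparse

# Hardening headers a deployment is expected to send, with the reason each matters.
EXPECTED_HEADERS = {
    "content-security-policy": "restricts script and resource origins (CSP)",
    "strict-transport-security": "forces HTTPS on repeat visits (HSTS)",
    "x-content-type-options": "blocks MIME sniffing (expect 'nosniff')",
    "x-frame-options": "mitigates clickjacking (or use CSP frame-ancestors)",
}

# Constructed sample of a `curl -I`-style response; not captured from a real server.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 1234
Date: Mon, 09 Feb 2026 12:00:00 GMT
"""


def parse_headers(raw: str):
    """Split a raw HTTP/1.x head (status line plus headers) into (status, {name: value}).

    Header names are lowercased because HTTP header names are case-insensitive.
    """
    lines = raw.strip("\r\n").splitlines()
    if not lines:
        return "", {}
    status = lines[0].strip()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def audit_headers(url: str, raw: str):
    """Return findings for one response: missing hardening headers plus advisory notes."""
    status, headers = parse_headers(raw)
    findings = {"status": status, "missing": [], "notes": []}
    csp = headers.get("content-security-policy", "")
    for name, why in EXPECTED_HEADERS.items():
        if name in headers:
            continue
        # X-Frame-Options is redundant once CSP already carries frame-ancestors.
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue
        findings["missing"].append(f"{name}: {why}")
    if urlparse(url).scheme == "http":
        findings["notes"].append(
            "served over plaintext HTTP; browsers ignore HSTS on http:// origins"
        )
    if "x-powered-by" in headers:
        findings["notes"].append(
            f"X-Powered-By discloses the stack: {headers['x-powered-by']}"
        )
    return findings


if __name__ == "__main__":
    # Usage: audit the constructed sample as if it came from the lab's local port.
    result = audit_headers("http://127.0.0.1:3000/", SAMPLE_RESPONSE)
    print(result["status"])
    for item in result["missing"]:
        print("MISSING", item)
    for note in result["notes"]:
        print("NOTE", note)
```

In practice the raw head would come from `curl -sI http://127.0.0.1:3000/` piped into `parse_headers`; the check is deliberately offline here so it can be run against saved responses from before and after a hardening change.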
