SlideShare a Scribd company logo

Michael's OWASP Juice Shop Workshop

GDSC UofT Mississauga
GDSC UofT Mississauga

https://youtu.be/8GUwXpUDWhs Web security workshop 2023-03-24 Michael Pavle on February 21, 2023 Learn more about cybersecurity by exploiting web vulnerabilities and picking apart the OWASP Juice Shop sandbox with GDSC UTM and MCSS. If you'd like to expand your skillset, learn something new, and enjoy some pizza, join us this Friday! Please install Burp Suite Community Edition before attending!

Software
1 of 15
Download to read offline
Exploiting and patching vulnerabilities on the web. WebSecurity
OUTLINEFORTODAY RequiredSoftware Please install Burp Suite if you have not already! 01 OverviewofBurpSuite Tools like Repeater, Intruder, etc. 02 OWASPJuiceShop Attack a live insecure website, fix security bugs 03
InstallBurpSuiteCommunity Edition
InstallBurpSuiteCommunity Edition
WhyUseBurpSuite? ● Keep a log of web traffic ● View and modify HTTP requests/responses on a website ● Suite of tools: ○ Proxy ■ View all traffic routed through the Burp proxy ■ Intercept and modify requests ○ Intruder ■ Brute force HTTP requests by parameters, endpoints, HTTP headers, etc. ○ Repeater ■ Repeating a previous HTTP request with modifications . . .
BurpSuiteProxy The web application response is sent back to the Burp proxy. WebServer Request is sent from the browser to Burp Suite. Allows for the modification of request data. Forwards the request to the web server. BurpSuite Browser
QuickInterceptDemo
Placeanorderthat makesyourich ● Make the shop pay you
User input fields may be used as arguments in an SQL query. If these input fields are not sanitized or validated correctly, an attacker may be able to modify the query maliciously. SQLInjection 9
SQLi-LoginasAdmin ● Analyzing SQL queries and crafting an SQLi string ● Brute forcing SQLi strings with Burp Intruder
SQLInjection OWASP Juice Shop login.ts
Accessthe AdministrationSection ● Find the URL to the administration section
RegisteranAdmin Account ● Find the parameter required to register an admin account ● Craft a registration request with this parameter
Any questions? THANKYOU @gdscutm @utmmcss
This is where you give credit to the ones who are part of this project. ◂ Presentation template by Slidesgo ◂ Icons by Flaticon ◂ Infographics by Freepik ◂ Author introduction slide photo created by Freepik ◂ Text & Image slide photo created by Freepik.com CREDITS

Recommended

Burp suite
Burp suiteBurp suite
Burp suite
penetration Tester
 
Thick Client Testing Advanced
Thick Client Testing AdvancedThick Client Testing Advanced
Thick Client Testing Advanced
NSConclave
 
Performance testing using hp load runner
Performance testing using hp load runnerPerformance testing using hp load runner
Performance testing using hp load runner
Return on Intelligence
 
15.3 Student Guide Web Application Tool TimeOverviewTodays c
15.3 Student Guide Web Application Tool TimeOverviewTodays c15.3 Student Guide Web Application Tool TimeOverviewTodays c
15.3 Student Guide Web Application Tool TimeOverviewTodays c
MatthewTennant613
 
15.3 Student Guide Web Application Tool TimeOverviewTodays c
15.3 Student Guide Web Application Tool TimeOverviewTodays c15.3 Student Guide Web Application Tool TimeOverviewTodays c
15.3 Student Guide Web Application Tool TimeOverviewTodays c
AnastaciaShadelb
 
15.3 student guide web application tool time overviewtodays c
15.3 student guide web application tool time overviewtodays c15.3 student guide web application tool time overviewtodays c
15.3 student guide web application tool time overviewtodays c
UMAR48665
 
whats-new_Fireware_v11-10
whats-new_Fireware_v11-10whats-new_Fireware_v11-10
whats-new_Fireware_v11-10
Serhat Cakmakoglu
 
Burpsuite 101
Burpsuite 101Burpsuite 101
Burpsuite 101
n|u - The Open Security Community
 

Recommended

Burp suite
Burp suiteBurp suite
Burp suite
penetration Tester
 
Thick Client Testing Advanced
Thick Client Testing AdvancedThick Client Testing Advanced
Thick Client Testing Advanced
NSConclave
 
Performance testing using hp load runner
Performance testing using hp load runnerPerformance testing using hp load runner
Performance testing using hp load runner
Return on Intelligence
 
15.3 Student Guide Web Application Tool TimeOverviewTodays c
15.3 Student Guide Web Application Tool TimeOverviewTodays c15.3 Student Guide Web Application Tool TimeOverviewTodays c
15.3 Student Guide Web Application Tool TimeOverviewTodays c
MatthewTennant613
 
15.3 Student Guide Web Application Tool TimeOverviewTodays c
15.3 Student Guide Web Application Tool TimeOverviewTodays c15.3 Student Guide Web Application Tool TimeOverviewTodays c
15.3 Student Guide Web Application Tool TimeOverviewTodays c
AnastaciaShadelb
 
15.3 student guide web application tool time overviewtodays c
15.3 student guide web application tool time overviewtodays c15.3 student guide web application tool time overviewtodays c
15.3 student guide web application tool time overviewtodays c
UMAR48665
 
whats-new_Fireware_v11-10
whats-new_Fireware_v11-10whats-new_Fireware_v11-10
whats-new_Fireware_v11-10
Serhat Cakmakoglu
 
Burpsuite 101
Burpsuite 101Burpsuite 101
Burpsuite 101
n|u - The Open Security Community
 
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptxA_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
jayshuklatrainer
 
Programmable infrastructure with FlyScript
Programmable infrastructure with FlyScriptProgrammable infrastructure with FlyScript
Programmable infrastructure with FlyScript
Riverbed Technology
 
A Real Time Web Analytics System
A Real Time Web Analytics SystemA Real Time Web Analytics System
A Real Time Web Analytics System
Mahesh Patwardhan
 
Антон Бойко "Azure Web Apps deep dive"
Антон Бойко "Azure Web Apps deep dive"Антон Бойко "Azure Web Apps deep dive"
Антон Бойко "Azure Web Apps deep dive"
Fwdays
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE Architectures
Alexander Penev
 
Putting WebRTC Media in the Cloud
Putting WebRTC Media in the CloudPutting WebRTC Media in the Cloud
Putting WebRTC Media in the Cloud
Dialogic Inc.
 
Browser Based Performance Testing and Tuning
Browser Based Performance Testing and TuningBrowser Based Performance Testing and Tuning
Browser Based Performance Testing and Tuning
Bala Murali Krishna Kanchukambala
 
Azure appservice
Azure appserviceAzure appservice
Azure appservice
Raju Kumar
 
Loadrunner Interview quetion & answers
Loadrunner Interview quetion & answersLoadrunner Interview quetion & answers
Loadrunner Interview quetion & answers
Nancy Nelida
 
Mobile Virtualization Management
Mobile Virtualization ManagementMobile Virtualization Management
Mobile Virtualization Management
Yaniv Bronhaim
 
RESTful services and OAUTH protocol in IoT
RESTful services and OAUTH protocol in IoTRESTful services and OAUTH protocol in IoT
RESTful services and OAUTH protocol in IoT
Yakov Fain
 
Web Application Technologies
Web Application TechnologiesWeb Application Technologies
Web Application Technologies
Sehan Lee
 
Ce hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologiesCe hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologies
Vi Tính Hoàng Nam
 
L2 and L3 agent restructure
L2 and L3 agent restructureL2 and L3 agent restructure
L2 and L3 agent restructure
Rossella Sblendido
 
DCS and Fieldbus Software installation
DCS and Fieldbus Software installation DCS and Fieldbus Software installation
DCS and Fieldbus Software installation
Ashvani Shukla
 
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web ProxyBinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
DONGJOO HA
 
mini_Project_SRS
mini_Project_SRSmini_Project_SRS
mini_Project_SRS
Vayodya Tamari
 
Web Hacking series part 2
Web Hacking series part 2Web Hacking series part 2
Web Hacking series part 2
Aditya Kamat
 
Deep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenariosDeep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenarios
Sajith C P Nair
 
Study Notes - Using an API Gateway
Study Notes - Using an API GatewayStudy Notes - Using an API Gateway
Study Notes - Using an API Gateway
Rick Hwang
 
CSSC ML Workshop
CSSC ML WorkshopCSSC ML Workshop
CSSC ML Workshop
GDSC UofT Mississauga
 
ICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and FigmaICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and Figma
GDSC UofT Mississauga
 

More Related Content

Similar to Michael's OWASP Juice Shop Workshop

Антон Бойко "Azure Web Apps deep dive"
Антон Бойко "Azure Web Apps deep dive"Антон Бойко "Azure Web Apps deep dive"
Антон Бойко "Azure Web Apps deep dive"
Fwdays
 
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web ProxyBinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
DONGJOO HA
 

Similar to Michael's OWASP Juice Shop Workshop (20)

A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptxA_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
 
Programmable infrastructure with FlyScript
Programmable infrastructure with FlyScriptProgrammable infrastructure with FlyScript
Programmable infrastructure with FlyScript
 
A Real Time Web Analytics System
A Real Time Web Analytics SystemA Real Time Web Analytics System
A Real Time Web Analytics System
 
Антон Бойко "Azure Web Apps deep dive"
Антон Бойко "Azure Web Apps deep dive"Антон Бойко "Azure Web Apps deep dive"
Антон Бойко "Azure Web Apps deep dive"
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE Architectures
 
Putting WebRTC Media in the Cloud
Putting WebRTC Media in the CloudPutting WebRTC Media in the Cloud
Putting WebRTC Media in the Cloud
 
Browser Based Performance Testing and Tuning
Browser Based Performance Testing and TuningBrowser Based Performance Testing and Tuning
Browser Based Performance Testing and Tuning
 
Azure appservice
Azure appserviceAzure appservice
Azure appservice
 
Loadrunner Interview quetion & answers
Loadrunner Interview quetion & answersLoadrunner Interview quetion & answers
Loadrunner Interview quetion & answers
 
Mobile Virtualization Management
Mobile Virtualization ManagementMobile Virtualization Management
Mobile Virtualization Management
 
RESTful services and OAUTH protocol in IoT
RESTful services and OAUTH protocol in IoTRESTful services and OAUTH protocol in IoT
RESTful services and OAUTH protocol in IoT
 
Web Application Technologies
Web Application TechnologiesWeb Application Technologies
Web Application Technologies
 
Ce hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologiesCe hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologies
 
L2 and L3 agent restructure
L2 and L3 agent restructureL2 and L3 agent restructure
L2 and L3 agent restructure
 
DCS and Fieldbus Software installation
DCS and Fieldbus Software installation DCS and Fieldbus Software installation
DCS and Fieldbus Software installation
 
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web ProxyBinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
 
mini_Project_SRS
mini_Project_SRSmini_Project_SRS
mini_Project_SRS
 
Web Hacking series part 2
Web Hacking series part 2Web Hacking series part 2
Web Hacking series part 2
 
Deep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenariosDeep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenarios
 
Study Notes - Using an API Gateway
Study Notes - Using an API GatewayStudy Notes - Using an API Gateway
Study Notes - Using an API Gateway
 

More from GDSC UofT Mississauga

ICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and FigmaICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and Figma
GDSC UofT Mississauga
 
ChatGPT General Meeting
ChatGPT General MeetingChatGPT General Meeting
ChatGPT General Meeting
GDSC UofT Mississauga
 

More from GDSC UofT Mississauga (20)

CSSC ML Workshop
CSSC ML WorkshopCSSC ML Workshop
CSSC ML Workshop
 
ICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and FigmaICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and Figma
 
Community Projects Info Session Fall 2023
Community Projects Info Session Fall 2023Community Projects Info Session Fall 2023
Community Projects Info Session Fall 2023
 
GDSC x Deerhacks - Origami Workshop
GDSC x Deerhacks - Origami WorkshopGDSC x Deerhacks - Origami Workshop
GDSC x Deerhacks - Origami Workshop
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
 
MCSS × GDSC: Intro to Cybersecurity Workshop
MCSS × GDSC: Intro to Cybersecurity WorkshopMCSS × GDSC: Intro to Cybersecurity Workshop
MCSS × GDSC: Intro to Cybersecurity Workshop
 
Basics of C
Basics of CBasics of C
Basics of C
 
Discord Bot Workshop Slides
Discord Bot Workshop SlidesDiscord Bot Workshop Slides
Discord Bot Workshop Slides
 
Web Scraping Workshop
Web Scraping WorkshopWeb Scraping Workshop
Web Scraping Workshop
 
Devops Workshop
Devops WorkshopDevops Workshop
Devops Workshop
 
Express
ExpressExpress
Express
 
HTML_CSS_JS Workshop
HTML_CSS_JS WorkshopHTML_CSS_JS Workshop
HTML_CSS_JS Workshop
 
DevOps Workshop Part 1
DevOps Workshop Part 1DevOps Workshop Part 1
DevOps Workshop Part 1
 
Docker workshop GDSC_CSSC
Docker workshop GDSC_CSSCDocker workshop GDSC_CSSC
Docker workshop GDSC_CSSC
 
Back-end (Flask_AWS)
Back-end (Flask_AWS)Back-end (Flask_AWS)
Back-end (Flask_AWS)
 
Full Stack React Workshop [CSSC x GDSC]
Full Stack React Workshop [CSSC x GDSC]Full Stack React Workshop [CSSC x GDSC]
Full Stack React Workshop [CSSC x GDSC]
 
Git Init (Introduction to Git)
Git Init (Introduction to Git)Git Init (Introduction to Git)
Git Init (Introduction to Git)
 
Database Workshop Slides
Database Workshop SlidesDatabase Workshop Slides
Database Workshop Slides
 
ChatGPT General Meeting
ChatGPT General MeetingChatGPT General Meeting
ChatGPT General Meeting
 
Elon & Twitter General Meeting
Elon & Twitter General MeetingElon & Twitter General Meeting
Elon & Twitter General Meeting
 

Recently uploaded

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...
software pro Development
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 

Recently uploaded (20)

Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 

Michael's OWASP Juice Shop Workshop