30 Days of Security Testing – Day Six

The challenge for Day Six is – Explore these sites: Google gruyere; HackYourself First; Ticket Magpie; The BodgeIt store.

I’m going to cheat a bit here as I’m a bit time starved but really want to go back and look at these sites at a later date.

A few months back I started pair-testing The OWASP Juice Shop with Magda Oszer.

Magda is considerably more experienced than I am and has a strong interest in learning security testing tips and techniques. We created our own JuiceShop environment in AWS (which in itself was a cool learning experience) and went to work trying to tick off all of the tasks in the JuiceShop (here’s a handy guide available on LeanPub from the creator of the JuiceShop).

We spent a bit of time climbing through the application using Chrome’s dev tools and found some interesting items (I’m not giving it away – I really think it’s worth having a visit), and were able to hijack cookies, implement SQL injection, XSS attacks and mess with a whole lot of things we shouldn’t have been able to.

It was a lot of fun, some head scratching and some fantastic “ah-ha!” moments.

We were planning on continuing with the JuiceShop then moving on to Google Gruyere, but Magda and I both picked up new roles around the same time and have since been a bit time-strapped to continue (also the timezone difference between New Zealand and Germany posed it’s own issues!).

If you are interested in pair-testing any of these sites please send me a message and we’ll try organise something together


 

Thanks for reading my post and following my progress through the 30 Days of Security Testing.

For more on Security Testing please visit here  or any of my other ramblings visit here

Feel like joining in? Sign into the WeTest Slack group and get involved!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: