The challenge for Day Six is – Explore these sites: Google gruyere; HackYourself First; Ticket Magpie; The BodgeIt store.
I’m going to cheat a bit here as I’m a bit time starved but really want to go back and look at these sites at a later date.
Magda is considerably more experienced than I am and has a strong interest in learning security testing tips and techniques. We created our own JuiceShop environment in AWS (which in itself was a cool learning experience) and went to work trying to tick off all of the tasks in the JuiceShop (here’s a handy guide available on LeanPub from the creator of the JuiceShop).
We spent a bit of time climbing through the application using Chrome’s dev tools and found some interesting items (I’m not giving it away – I really think it’s worth having a visit), and were able to hijack cookies, implement SQL injection, XSS attacks and mess with a whole lot of things we shouldn’t have been able to.
It was a lot of fun, some head scratching and some fantastic “ah-ha!” moments.
We were planning on continuing with the JuiceShop then moving on to Google Gruyere, but Magda and I both picked up new roles around the same time and have since been a bit time-strapped to continue (also the timezone difference between New Zealand and Germany posed it’s own issues!).
If you are interested in pair-testing any of these sites please send me a message and we’ll try organise something together
Thanks for reading my post and following my progress through the 30 Days of Security Testing.
Feel like joining in? Sign into the WeTest Slack group and get involved!