This repository showcases a penetration testing project conducted on OWASP Juice Shop, a deliberately vulnerable web application.
The project demonstrates end-to-end penetration testing methodology β from reconnaissance to exploitation β and presents findings in a consulting-style report with risk ratings and remediation steps.
- Apply a structured penetration testing approach.
- Identify and exploit common web application vulnerabilities.
- Provide risk ratings (Critical, High) for each issue.
- Deliver a professional pentest report for recruiters and hiring managers.
- Reconnaissance: Nmap, Gobuster, Subdomain Enumeration
- Exploitation: Burp Suite, Manual Testing
- Documentation: Screenshots, PoC Payloads, PDF Report
- Vulnerabilities Tested: SQL Injection, IDOR, XSS, Broken Authentication
- SQL Injection β Login Bypass [Critical]
- Broken Authentication [Critical]
- Insecure Direct Object Reference (IDOR) [High]
- Cross-Site Scripting (XSS) [High]
| Vulnerability | Severity | Impact |
|---|---|---|
| SQL Injection β Login Bypass | π΄ Critical | Full authentication bypass, admin access |
| Broken Authentication | π΄ Critical | Unauthorized access with weak credentials |
| Insecure Direct Object Reference (IDOR) | π High | Unauthorized access to other users' data |
| Cross-Site Scripting (XSS) | π High | Session hijacking, account takeover |
This assessment was conducted in a controlled lab environment using OWASP Juice Shop, a vulnerable application designed for training.
The work is for educational and portfolio purposes only.
Koustav Parui
Cybersecurity Enthusiast | Penetration Testing | Vulnerability Assessment