Activity 9.2 Demonstrating Web Vulnerabilities
For this activity, we will ask you to demonstrate some common vulnerabilities found in web applications, so you can try to avoid them in your own code. We will do this using the Juice Shop, a NodeJS app with vulnerabilities seeded throughout. This app also includes a list of increasingly difficult challenges.
Our deployment of Juice Shop is at the multi-juicer. This deployment allows multiple users to share the same instance of Juice Shop so they can work on the challenges together.
You can find the challenges directly through experimentation, or, for a guided experience, jump straight to the score board. There, you can select “Show tutorials only”, or see the entire list, broken down by difficulty level (1-star = easy, 2-star = harder, and so on).
This is a group activity. When you first access the site, it will ask for a team name. You should use “group-n” where “n” is your group number. The first student who gets in will get a passcode, and can share this passcode with their group members. Then, team members will have access to the SAME isolated Juice Shop, where you can work on the challenges.
If you are curious, you can also open Juice Shop in LGTM.
We will demonstrate one or two exploits and then turn it over to you. We will open the breakout rooms for 20-30 minutes, and then reconvene.
Report your results at the following Google Poll. Each team should fill out the form exactly once.
Once we reconvene, I will call on a few students and ask them to demonstrate their exploit. As usual, all members of the team should be prepared to respond.