Challenge:
Name: Expired Coupon
Description: Successfully redeem an expired campaign coupon code.
Difficulty: 4 star
Category: Improper Input Validation
Expanded Description: https://pwning.owasp-juice.shop/part2/improper-input-validation.html
Read MoreChallenge:
Name: Reset Bender’s Password
Description: Reset Bender’s password via the Forgot Password mechanism with the original answer to his security question.
Difficulty: 4 star
Category: Broken Authentication
Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html
Read MoreChallenge:
Name: Steganography
Description: Rat out a notorious character hiding in plain sight in the shop. (Mention the exact name of the character)
Difficulty: 4 star
Category: Security Through Obscurity
Expanded Description: https://pwning.owasp-juice.shop/part2/security-through-obscurity.html
Read MoreChallenge:
Name: Nested Easter Egg
Description: Apply some advanced cryptanalysis to find the real easter egg.
Difficulty: 4 star
Category: Cryptographic Issues
Expanded Description: https://pwning.owasp-juice.shop/part2/cryptographic-issues.html
Read MoreChallenge:
Name: Login Support Team
Description: Log in with the support team’s original user credentials without applying SQL Injection or any other bypass.
Difficulty: 6 star
Category: Security Misconfiguration
Expanded Description: https://pwning.owasp-juice.shop/part2/security-misconfiguration.html
Read MoreChallenge:
Name: Vulnerable Library
Description: Inform the shop about a vulnerable library it is using. (Mention the exact library name and version in your comment)
Difficulty: 4 star
Category: Vulnerable Components
Expanded Description: https://pwning.owasp-juice.shop/part2/vulnerable-components.html
Read MoreChallenge:
Name: Christmas Special
Description: Order the Christmas special offer of 2014.
Difficulty: 4 star
Category: Injection
Expanded Description: https://pwning.owasp-juice.shop/part2/injection.html
Read MoreChallenge 1:
Name: Poison Null Byte
Description: Bypass a security control with a Poison Null Byte to access a file not meant for your eyes.
Difficulty: 4 star
Category: Improper Input Validation
Expanded Description: https://pwning.owasp-juice.shop/part2/improper-input-validation.html
Challenges 2-5:
Name: Easter Egg, Forgotten Developer Backup, Forgotten Sales Backup, and Misplaced Signature File
Read MoreThe last of the 3 star challenges!
Challenge:
Name: Manipulate Basket
Description: Put an additional product into another user’s shopping basket
Difficulty: 3 star
Category: Broken Access Control
Expanded Description: https://pwning.owasp-juice.shop/part2/broken-access-control.html
Read MoreChallenge:
Name: Product Tampering
Description: Change the href of the link within the OWASP SSL Advanced Forensic Tool (O-Saft) product description into https://owasp.slack.com
Difficulty: 3 star
Category: Broken Access Control
Expanded Description: https://pwning.owasp-juice.shop/part2/broken-access-control.html
Read More
Curiosity Kills Colby 