This repository houses my penetration testing report on OWASP Juice Shop v17.2.0. It serves as a practical exercise in vulnerability assessment, demonstrating my understanding of the OWASP Top 10 flaws and the MITRE frameworks (CWE, CAPEC, ATT&CK).
- Purpose:
  This project was created as a learning exercise to practice vulnerability assessment techniques and pen-test report writing. The goal was to map realistic vulnerabilities to the MITRE frameworks.
- Scope:
  OWASP Juice Shop v17.2.0 currently has 107 vulnerabilities. This report focuses on 35 of them, selected for their realism and severity. These vulnerabilities best illustrate the OWASP Top 10 categories.
- Vulnerability Assessment:
  The end-to-end assessment was conducted manually and with the following tools:
  - Burp Suite for intercepting and analyzing web traffic.
  - John the Ripper for dictionary-based/brute-force password attacks.
  - Dirb for directory and file enumeration.
  - Custom Python scripts for automating parts of the assessment.
- MITRE Mapping:
  Each vulnerability is mapped to the relevant MITRE frameworks (CWE, CAPEC, ATT&CK) to trace:
  - Root causes (CWE)
  - Adversarial tactics (ATT&CK)
  - Attack patterns (CAPEC)

For full details—including simulated exploitation steps, MITRE mapping information, and additional insights—please refer to the Full Report.
This project is solely for educational purposes. The scenarios and vulnerabilities described are part of a controlled, simulated practice environment using OWASP Juice Shop—a platform designed for learning and testing security tools.