Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode!

Intro

Today we're kicking of a multipart series all about hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

Get ready to hack!

In the video, I walk you through getting Burp Suite configured, and also how to get your Web browser to proxy traffic through it using tools like FoxyProxy. And although it's slightly out of scope for attacking the Juice Shop, I also show you how to install the Burp CA cert so you can pentest HTTPS sites in the future.

Pwn some admin creds

I close the video by demonstrating a SQL injection attack against the Juice Shop login form, which get us administrative access to the application and puts us in a good position to annihilate a ton of the app's vulnerabilities on the next 7MS episode!

Video:

Here's the complementary video content for today's audio podcast: