Introduction

This is the official companion guide to the E. Corp Shop application. Being a web application with a vast number of intended security vulnerabilities, the E. Corp Shop is supposed to be the opposite of a best practice or template application for web developers: It is an awareness, training, demonstration and exercise tool for security risks in modern web applications.
This game is a mod of the excellent OWASP Juice Shop, written by Björn Kimminich. For full immersion, and to have some fun, this documentation refers to the Juice Shop as the 'E. Corp Shop'. Please note that this is a condensed version to help gamers get up to speed quickly. Have fun!
The book is divided into three parts:
Part I - Hacking preparations
Part one helps you to get the application running and to set up optional hacking tools.
Part II - Challenge hunting
Part two gives an overview of the vulnerabilities found in the E. Corp Shop, including hints on how to find and exploit them in the application.
Part III - Next Level
Part three covers what comes next... what can you do to keep playing and learning new tricks. Well, have we got a surprise for you...!
Disclaimer
Please be aware that this book is not supposed to be a comprehensive introduction to Web Application Security in general. For every category of vulnerabilities present in the E. Corp Shop you will find a brief explanation, typically by quoting and referencing existing content on the given topic.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.