Why the E. Corp Shop exists

To the unsuspecting user the E. Corp Shop just looks like a small online shop which sells - surprise! - consumer junk. Except for the entirely overrated payment and delivery aspect of the e-commerce business, the E. Corp Shop is fully functional. But this is just the tip of the iceberg. The E. Corp Shop contains challenges of varying difficulty where you are supposed to exploit underlying security vulnerabilities. These vulnerabilities were intentionally planted in the application for exactly that purpose, but in a way that actually happens in "real-life" web development as well!

Your hacking progress is tracked by the application using immediate push notifications for successful exploits as well as a score board for progress overview. Finding this score board is actually one of the (easiest) challenges! The idea behind this is to utilize gamification techniques to motivate you to get as many challenges solved as possible - similar to unlocking achievements in many modern video games.

Apart from the hacker and awareness training use case, penetration testing tools and automated security scanners are invited to use E. Corp Shop as a sort of guinea pig-application to check how well their products cope with JavaScript-heavy application frontends and REST APIs.