In this hands-on hacking training, the most common cryptographic concepts and algorithms are presented to teach developers how to use cryptography securely.
Follow the setup instructions on https://www.zaproxy.org/download/.
Starting with version 2.8.0, OWASP ZAP includes a Heads Up Display (HUD). Look into the corresponding OWASP ZAP HUD GitHub project to learn more about this fascinating feature.
To make calls to the REST API of the Juice Shop via a comfortable UI, you may use Postman.
Follow the setup instructions on https://www.postman.com/downloads.
If you are more used to making calls to the REST API of the Juice Shop from the command line, you may try HTTPie.
Follow the setup instructions on https://httpie.org.
If you are more used to making calls to the REST API of the Juice Shop from the command line, you may also try the classic curl.
Follow the setup instructions on https://curl.haxx.se.
The labs are categorized according to the cryptographic types.
- API01: Broken Object Level Authorization
- API02: Broken User Authentication
- API03: Excessive Data Exposure
- API04: Lack of Resources and Rate Limiting
- API05: Broken Function Level Authorization
- API06: Mass Assignment
- API07: Security Misconfiguration
- API08: Injection
- API09: Improper Assets Management
- API10: Insufficient Logging and Monitoring