The vulnerable web application OWASP Juice Shop will be used to demonstrate the capabilities of the FAST extension mechanism.
This application can be deployed in multiple ways (for example, using Docker, Node.js, or Vagrant).
To see the OWASP Juice Shop documentation that lists the vulnerabilities embedded into it, proceed to the following link.
We suggest you avoid providing the host that the OWASP Juice Shop runs on with internet access or real data (for example, login/password pairs).
To test the “OWASP Juice Shop” target application for vulnerabilities, take the following steps:
- Examine the web application to become familiar with its behavior.
- Craft a sample modifying extension.
- Craft a sample nonmodifying extension.
- Use the created extensions.
When creating a FAST extension, you need to understand the structure of the HTTP request sent to the application and of the HTTP response received from it. This lets you use points to correctly describe the request elements that you need to work with.
To see detailed information, proceed to this link.
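To make the idea of addressable request elements concrete, the following added example (not code from FAST or from this documentation) splits a raw HTTP request into the individual elements an extension would need to describe. The request is a constructed sample; the endpoint, the values, and the element labels are assumptions for illustration and are not FAST's exact point syntax.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed sample request (not captured traffic); endpoint and values are assumptions.
RAW_REQUEST = (
    "POST /rest/user/login?lang=en HTTP/1.1\r\n"
    "Host: localhost:3000\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"email": "user@example.test", "password": "not-a-real-password"}'
)

def walk_json(node, prefix):
    """Yield (path, value) for every leaf of a decoded JSON document."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from walk_json(child, prefix + ("HASH", key))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from walk_json(child, prefix + ("ARRAY", str(index)))
    else:
        yield prefix, node

def request_elements(raw):
    """Split a raw HTTP/1.x request into addressable (path, value) elements."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    url = urlsplit(target)
    elements = [(("METHOD",), method), (("URI",), target)]
    segments = [s for s in url.path.split("/") if s]
    elements += [(("PATH", str(i)), s) for i, s in enumerate(segments)]
    elements += [(("GET", k), v) for k, v in parse_qsl(url.query, keep_blank_values=True)]
    # Header names are case-insensitive, so normalise them before labelling.
    headers = {n.strip().upper(): v.strip() for n, _, v in (l.partition(":") for l in header_lines)}
    elements += [(("HEADER", n), v) for n, v in headers.items()]
    ctype = headers.get("CONTENT-TYPE", "").split(";")[0].strip().lower()
    if body and ctype == "application/json":
        try:
            elements += list(walk_json(json.loads(body), ("POST", "JSON")))
        except json.JSONDecodeError:
            elements.append((("POST", "RAW"), body))  # malformed JSON: keep body opaque
    elif body:
        elements.append((("POST", "RAW"), body))
    return elements

if __name__ == "__main__":
    for path, value in request_elements(RAW_REQUEST):
        print("_".join(path), "=", value)
```

Each printed line names one place in the request, which is the level of detail you need before deciding which elements an extension should work with.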