This is the official companion guide to the E. Corp Shop application. Being a web application with a vast number of intended security vulnerabilities, the E. Corp Shop is supposed to be the opposite of a best practice or template application for web developers: It is an awareness, training, demonstration and exercise tool for security risks in modern web applications.
This game is a mod of the excellent OWASP Juice Shop, written by Björn Kimminich. For full immersion and to have some fun, we will refer to the Juice Shop as the 'E. Corp Shop' throughout the documentation. Please note this is a condensed version to help gamers get up to speed quickly. Have fun!
The book is divided into three parts:
Part one helps you to get the application running and to set up optional hacking tools.
Part two gives an overview of the vulnerabilities found in the E. Corp Shop, including hints on how to find and exploit them in the application.
Part three covers what comes next: what you can do to keep playing and learning new tricks. Well, have we got a surprise for you...!
Please be aware that this book is not supposed to be a comprehensive introduction to Web Application Security in general. For every category of vulnerabilities present in the E. Corp Shop you will find a brief explanation, typically by quoting and referencing existing content on the given topic.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.