
Arno27/Capstone-Project

Internship capstone on OWASP Juice Shop — Web App Vulnerability Assessment & Report

Capstone Project (OWASP Juice Shop — Security Assessment)

Author: Shubham R. Sahoo
Report: Capstone Project.pdf (included)
PDF SHA256: 62521c4cef1b2125c37c532c7e82cbd2a54670f0ab9b8db325096aa1c13d2b3a

Overview

This repository contains my internship capstone report documenting a hands-on security assessment of the OWASP Juice Shop (an intentionally vulnerable web app used for training). The report includes PoCs, impact analysis, and remediation recommendations.

Key findings

  • SQL Injection (Critical) — exfiltration of DB schema via UNION injection
  • Improper Error Handling (High) — stack traces exposed in responses
  • Unauthorized File Access (High) — /ftp/legal.md publicly accessible
  • Missing URL Encoding (Medium) — broken image URLs with # characters
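
The Missing URL Encoding finding, as an added example that is not taken from the report or this repository: a raw `#` in a file name starts the URL fragment, so the request that reaches the server is truncated, and percent-encoding the name as a single path segment fixes it. The base address, the `images` directory, the file names and the helper names are constructed for illustration.

```javascript
// Added example. BASE, the "images" directory and the file names are constructed.
const BASE = "http://localhost:3000";

// Path and query the client puts on the wire. The fragment (everything
// from the first "#") stays in the browser and is never sent.
function pathSentToServer(urlString) {
  const u = new URL(urlString);
  return u.pathname + u.search;
}

// Before: raw file name concatenated into the URL.
function naiveImageUrl(dir, fileName) {
  return `${BASE}/${dir}/${fileName}`;
}

// After: file name percent-encoded as one path segment, so "#", "?",
// "%", "/" and spaces are data rather than URL syntax.
function encodedImageUrl(dir, fileName) {
  return `${BASE}/${dir}/${encodeURIComponent(fileName)}`;
}

// File name the server recovers after decoding the last path segment.
function fileNameSeenByServer(urlString) {
  const path = new URL(urlString).pathname;
  return decodeURIComponent(path.slice(path.lastIndexOf("/") + 1));
}

// Show what is requested for each constructed name, before and after the fix.
for (const name of ["cat-#tag-1.jpg", "50% off?.png"]) {
  console.log(JSON.stringify(name));
  console.log("  naive   ->", pathSentToServer(naiveImageUrl("images", name)));
  console.log("  encoded ->", pathSentToServer(encodedImageUrl("images", name)));
}
```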

Files

  • Capstone Project.pdf — full report (PDF)
  • README.md — project summary

Notes & responsible disclosure

All testing was performed on the OWASP Juice Shop lab instance provided during my internship and is intended for educational purposes only. No production systems were targeted. If you need to verify evidence privately, please contact me.
