Security Project

Fixing OWASP Juice Shop

A full, file-by-file security remediation of a deliberately vulnerable Node.js application. This project documents how real-world vulnerabilities are identified, exploited, and properly fixed — following modern secure coding practices.

Tags: Node.js · TypeScript · OWASP Top 10 · Web Security · Penetration Testing

Project Overview

OWASP Juice Shop is an intentionally insecure web application designed to simulate real-world vulnerabilities. In this project, I take a different approach: instead of just exploiting these flaws, I systematically fix them.

Each file in the backend is audited individually. For every vulnerable component, I:

Methodology

The goal is not just to patch issues, but to understand how vulnerabilities interact and how they can be chained together in real attack scenarios. This includes testing with tools such as Burp Suite, Hydra, and hashcat, along with manual analysis of the TypeScript codebase.

Case Studies

Below are detailed audits of individual files. Each one represents a focused security analysis of a specific part of the application.

Why This Project Matters

Many security exercises focus only on exploitation. This project goes further by demonstrating how to properly fix vulnerabilities in a maintainable and scalable way — which is what real-world engineering and security roles require.

It reflects a complete understanding of both offensive and defensive security practices.