- Name: Adithyan.V
- Task: Task 01 - Web Application Security Testing
- Tool Used: OWASP ZAP
- URL: https://juice-shop.herokuapp.com
- Type: Intentionally vulnerable web application
- Configured browser to route traffic through ZAP proxy
- Performed manual exploration of the application
- Conducted automated scans to detect common security flaws
- Analyzed and triaged all alerts generated by ZAP
- Medium Risk: Session ID in URL Rewrite and Cross-Domain Misconfiguration
- Low Risk: Missing Security Headers including CSP, HSTS, and X-Frame-Options
- Informational: Server Version Leaks and Private IP Disclosure
This task helped in understanding real-world web vulnerabilities and how automated tools like OWASP ZAP assist in identifying security issues. Implementing secure session management and hardening server-side security headers will significantly improve the application's overall security posture.
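The following is an added example, not part of the original report or of OWASP ZAP: a small offline check that reproduces the alert classes listed above (session ID in URL, cross-domain misconfiguration, missing CSP/HSTS/X-Frame-Options, server version leak) against a constructed response, then re-runs it against a hardened header set. The sample URL, header values and the list of session parameter names are assumptions chosen for illustration.

```python
import re
from typing import Dict, List

# Constructed sample resembling the findings in the report; not captured from
# the real application. The "token" query parameter is an assumed session carrier.
SAMPLE_URL = "https://example.test/rest/basket/1?token=abc123def456"
SAMPLE_HEADERS = {
    "Server": "nginx/1.18.0",
    "Access-Control-Allow-Origin": "*",
    "Content-Type": "application/json",
}

# Assumed names under which a session identifier might be rewritten into a URL.
SESSION_PARAMS = {"token", "sessionid", "jsessionid", "phpsessid", "sid"}


def audit(url: str, headers: Dict[str, str]) -> List[str]:
    """Return the names of findings present, mirroring the ZAP alert classes above."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    query = url.split("?", 1)[1] if "?" in url else ""
    params = {p.split("=", 1)[0].lower() for p in query.split("&") if p}
    if params & SESSION_PARAMS:
        findings.append("Session ID in URL Rewrite")
    if h.get("access-control-allow-origin") == "*":
        findings.append("Cross-Domain Misconfiguration")
    if "content-security-policy" not in h:
        findings.append("Missing CSP")
    hsts = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if not hsts or int(hsts.group(1)) < 31536000:  # one year is a common baseline
        findings.append("Missing or weak HSTS")
    if h.get("x-frame-options", "").upper() not in {"DENY", "SAMEORIGIN"}:
        findings.append("Missing X-Frame-Options")
    if re.search(r"/\d+(\.\d+)+", h.get("server", "")):  # e.g. "nginx/1.18.0"
        findings.append("Server Version Leak")
    return findings


# Hardened counterpart: version stripped, headers added, origin pinned, no session in URL.
HARDENED_HEADERS = {
    "Server": "nginx",
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "Access-Control-Allow-Origin": "https://app.example.test",
}

if __name__ == "__main__":
    print(audit(SAMPLE_URL, SAMPLE_HEADERS))
    print(audit("https://example.test/rest/basket/1", HARDENED_HEADERS))
```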