2. Strengthen your cybersecurity pen-testing skill Instructions: In OWASP Juice Shop, enable the “scoreboard.” At a glance, I don’t see an option for a group scoreboard. If you do, then great, use that. Each team member must submit a scoreboard – meaning, each team member performs the hacking exercises and shows evidence. Each time a team scores points for a hack, take a screenshot that shows the key output from the hack, and a screenshot showing a message of success from OWASP Juice Shop.

take 2 or 3 screenshots (max) per exercise that your team performs. When taking screenshots, make sure that your screenshot captures the command prompt with your Ubuntu username shown OR the screenshot captures your Ubuntu username in the title bar of your Ubuntu VM window.

If the screenshot is from the terminal window, capture the command issued. OWASP Juice Shop contains a set of pre-planned exercises. Students can earn points from working on Juice Shop’s exercises. Students can also earn points if they are able to hack into Juice Shop using their own free-form exercises (i.e., those not defined by Juice Shop makers).

Students can earn points for unsuccessful attempts, as long as there are descriptive screenshots that follow the guidelines above. More points are earned for successful hacks. Use any the tools covered in Labs 1-5 to pen test OWASP Juice Shop. You’re welcomed to use additional security tools if desired.

Blackboard Submission: Each participating team member must submit the following for each exercise you completed for credit:

1. a brief description of the hack (in 1 or 2 sentences)

2. your screenshots from the exercise

3. a screenshot of the OWASP Juice Shop scoreboard

4. the names of team members who participated (it is fine for students not to participate) If you completed a “free form” exercise that OWASP Juice Shop did not include in the scoreboard, briefly note that so that you can get credit.

Multiple submissions are allowed on Blackboard. The team with the most points will earn additional credit. It is difficult to say how much until the results are known.

