Web App Pentesting using BodgeIt Store (Part 1)
Learn the complete process of web application penetration testing using the BodgeIt Store, a vulnerable-by-design web application.
This video shows how to set up the lab environment for this YCSC Let's Learn series. It covers installing Docker on Kali Linux 2019.4, then pulling and running the BodgeIt Store Docker image from Docker Hub.
A Kali Linux virtual machine image can be downloaded from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/
What is BodgeIt Store?
A vulnerable web application aimed at beginners in web penetration testing
Technology stack:
Java
Servlet engine
Installation options:
Virtual Machine
Docker
GitHub Link: https://github.com/psiinon/bodgeit
Vulnerabilities
It includes the following vulnerabilities:
Cross Site Scripting
SQL injection
Hidden (but unprotected) content
Cross Site Request Forgery
Debug code
Insecure Object References
About the series
In this Let's Learn series, we cover the web application penetration testing process end to end, from scoping to report. We will be using the BodgeIt Store, a beginner-level vulnerable-by-design application, to demonstrate a complete penetration test.