Visual Attack Surface Mapping for University Pentesting

This presentation explores Juice Shop's architecture and its associated vulnerabilities, including insecure JWT handling, plaintext credential exposure, and password weaknesses. It highlights findings from tools like Burp Suite and Wireshark, revealing risks such as CSRF and MITM attacks. Using the STRIDE framework and attack tree mapping, security gaps are analysed, alongside session mismanagement and SQLite hashing flaws. Recommendations focus on securing APIs, strengthening authentication,...