The fictional Juice Shop that Chase Cunningham (aka Dr. Zero Trust) set up to demonstrate OWASP Top 10 risks just keeps getting hit. The Juice Shop app, which he created on the HyperQube test platform, is designed to be super vulnerable – with “as many holes as Swiss cheese” – to illustrate the risks.
Server Side Request Forgery, #10 in the OWASP Top 10 app security risks, occurs when a web app fetches a remote resource without validating a user-supplied URL, enabling a criminal to force the app to send an effective request to a destination that would otherwise not comply. To illustrate Chase scans for open ports on his very own app, a step typically used for reconnaissance to plan an attack and find vulnerable targets.
Ericom Web Application Isolation (WAI), an innovative cloud-delivered security solution that isolates web/cloud applications and their APIs from cyber-threats, operates as a much-improved, perimeter-less “next-gen” WAF solution. To protect against Server Side Request Forgery risks, WAI cloaks apps, making ports and protocols go dark to the web in accordance with the Zero Trust principle of deny by default.
Check out the quick demo right here: