0% found this document useful (0 votes)

2 views3 pages

SQA Bug Analysis Report

This Bug Analysis Report evaluates the OWASP Juice Shop demo using manual and automated testing methods, identifying critical vulnerabilities such as SQL injection and XSS. It includes a detailed bug report with proposed fixes for each issue, emphasizing the importance of security in web applications. The report concludes by affirming that it meets the assignment requirements through comprehensive documentation of detected bugs and their resolutions.

Uploaded by

Hafiz Mizfar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

2 views3 pages

SQA Bug Analysis Report

Uploaded by

Hafiz Mizfar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 3

Bug Analysis Report using Manual and

Automation Testing
Course: Software Quality Assurance

Submitted by: [Your Name]

Date: June 13, 2025

Table of Contents
1. Introduction
2. Website Under Test
3. Testing Methods
4. Detailed Bug Report
5. Fix Suggestions in Code
6. Conclusion

1. Introduction
This report evaluates the OWASP Juice Shop live demo using manual testing and simple
automated tools. It identifies key bugs and suggests fixes to improve security and usability.

2. Website Under Test

Name: OWASP Juice Shop (Public Demo)

URL: https://juice-shop.herokuapp.com/

Description: A web application with intentional vulnerabilities. Perfect for security-focused

or functional testing exercises.

3. Testing Methods
Method Tool/Approach

Manual Testing Browser testing, inspecting elements

SQL Injection Input `' OR 1=1 --`

XSS Testing Injecting `<iframe>` payloads

4. Detailed Bug Report
Bug ID Description Detection Severity Proposed Fix

B001 Login form Input `' OR 1=1 Critical Use

allows SQLi --` logs in as parameterized
bypass first user queries &
sanitize inputs

B002 Search field Inject High Strip unsafe

DOM XSS `<iframe>` HTML in input
triggers alert

B003 Reflected XSS in Changing URL High Validate/

tracking ID param shows encode URL
popup parameters

B004 Access Browsing `/ftp` High Disable

confidential reveals files directory listing
docs via `/ftp` or require login

5. Fix Suggestions in Code

Bug B001 (SQL Injection Fix):

db.query('SELECT * FROM users WHERE email = ?', [userEmail],

function(err, results) {
// safe parameterized query
});

Bug B002 (Sanitize XSS):

const sanitized = sanitizeHtml(userInput, {

allowedTags: [],
allowedAttributes: {},
});

Bug B003 (URL Param Encoding):

const id = encodeURIComponent(req.query.id);
// then fetch using trusted server-side logic

Bug B004 (Disable Listing):

location /ftp/ {
autoindex off;
deny all;
}

6. Conclusion
The OWASP Juice Shop demo includes multiple high-severity bugs suitable for a QA report.
By documenting their detection, severity, and fixes, this report meets all assignment
requirements.

Pwning Owasp Juice Shop
No ratings yet
Pwning Owasp Juice Shop
301 pages
Juice Shop Pen Test Report
No ratings yet
Juice Shop Pen Test Report
22 pages
OWASP JuiceShop WebApp
No ratings yet
OWASP JuiceShop WebApp
38 pages
Pwning Owasp Juice Shop PDF
No ratings yet
Pwning Owasp Juice Shop PDF
254 pages
Introduction To MChip Advance Card Application Specifications - Payment
No ratings yet
Introduction To MChip Advance Card Application Specifications - Payment
38 pages
E3D Syllabus
No ratings yet
E3D Syllabus
7 pages
Siemens LOGO Brochure
No ratings yet
Siemens LOGO Brochure
24 pages
Pwning Owasp Juice
100% (1)
Pwning Owasp Juice
233 pages
Web Pentesting For Vurlns
No ratings yet
Web Pentesting For Vurlns
280 pages
1099935205four Speed
No ratings yet
1099935205four Speed
6 pages
OWASP Juice Shop Lab Manual
No ratings yet
OWASP Juice Shop Lab Manual
3 pages
Sample Software Test Report in PDF (FREE DOWNLOAD)
No ratings yet
Sample Software Test Report in PDF (FREE DOWNLOAD)
17 pages
OWASP Juice Shop Report 4
No ratings yet
OWASP Juice Shop Report 4
3 pages
TSC User Manual E
No ratings yet
TSC User Manual E
69 pages
Artificial Intelligence Unit 5 - Optimization - Local Search
No ratings yet
Artificial Intelligence Unit 5 - Optimization - Local Search
35 pages
Genetic Algorithm
No ratings yet
Genetic Algorithm
28 pages
Report
No ratings yet
Report
35 pages
Report Example
No ratings yet
Report Example
34 pages
NCSE 2006 Mathematics Paper 2
No ratings yet
NCSE 2006 Mathematics Paper 2
18 pages
Farmer
No ratings yet
Farmer
14 pages
Fire Alarm Systems: Program Detail Manual
No ratings yet
Fire Alarm Systems: Program Detail Manual
25 pages
Viva
No ratings yet
Viva
12 pages
Aditya Borgohain Rollno.18
No ratings yet
Aditya Borgohain Rollno.18
15 pages
Modelling Timing Constraints
No ratings yet
Modelling Timing Constraints
7 pages
Sudoku OEL - Fri
No ratings yet
Sudoku OEL - Fri
9 pages
Crit E Evaluation1740664594
No ratings yet
Crit E Evaluation1740664594
8 pages
OnePlus Digital Marketing Strategies
50% (2)
OnePlus Digital Marketing Strategies
35 pages
Report of The Juice Shop App
No ratings yet
Report of The Juice Shop App
24 pages
مشروع بصمة
No ratings yet
مشروع بصمة
22 pages
AI CCP Report Hafiz Mizfar
No ratings yet
AI CCP Report Hafiz Mizfar
5 pages
Experiment 6
No ratings yet
Experiment 6
9 pages
Course Information: Handbook For Additional Information
No ratings yet
Course Information: Handbook For Additional Information
11 pages
Web Security Project Update
No ratings yet
Web Security Project Update
6 pages
2015-2016 Carver Student - Parent Handbook
No ratings yet
2015-2016 Carver Student - Parent Handbook
29 pages
Test Task Latest
No ratings yet
Test Task Latest
9 pages
Test Code 3
No ratings yet
Test Code 3
10 pages
Cyberproject
No ratings yet
Cyberproject
5 pages
Kapil TestStrategy
No ratings yet
Kapil TestStrategy
4 pages
Presentation Crystal Report
No ratings yet
Presentation Crystal Report
17 pages
Test Plan (OpenCart)
No ratings yet
Test Plan (OpenCart)
14 pages
Automation Testing - E-Commerce Web Application
No ratings yet
Automation Testing - E-Commerce Web Application
4 pages
Task 2 Cyber Security
No ratings yet
Task 2 Cyber Security
11 pages
Formats of Letter
No ratings yet
Formats of Letter
23 pages
Data Analytics Model Question Paper P21CS601 New
No ratings yet
Data Analytics Model Question Paper P21CS601 New
3 pages
Polynomial 4 Class 10
No ratings yet
Polynomial 4 Class 10
4 pages
WEEK 4 Activity 1 Individual Hands-On Activity
No ratings yet
WEEK 4 Activity 1 Individual Hands-On Activity
4 pages
Ethical Hacking and Peneteration Testing Lab 2
No ratings yet
Ethical Hacking and Peneteration Testing Lab 2
8 pages
Security Analysis Report
No ratings yet
Security Analysis Report
2 pages
8086 Question Bank
No ratings yet
8086 Question Bank
4 pages
An Open Source Power System Simulator in Python For Efficient Prototyping of WAMPAC Applications
No ratings yet
An Open Source Power System Simulator in Python For Efficient Prototyping of WAMPAC Applications
6 pages
Imp Question WEb DEsigning
No ratings yet
Imp Question WEb DEsigning
3 pages
Lab Report 3: Software Engineering & Network Security: o o o o
No ratings yet
Lab Report 3: Software Engineering & Network Security: o o o o
2 pages
Genz Benz ShuttleMax 12.2 Manual
No ratings yet
Genz Benz ShuttleMax 12.2 Manual
9 pages
Nursery Management System
No ratings yet
Nursery Management System
8 pages
AI in Cybersecurity Q3 2024 PDF 1730594501
No ratings yet
AI in Cybersecurity Q3 2024 PDF 1730594501
27 pages
Eh Pentesting Shishir
No ratings yet
Eh Pentesting Shishir
4 pages
WP2 File Transfer Linux
No ratings yet
WP2 File Transfer Linux
3 pages
Frequently Used Configuration Parameters in SAP HANA
No ratings yet
Frequently Used Configuration Parameters in SAP HANA
68 pages
Department of Biotechnology: Biotechnology Eligibility Test (BET) 2020
No ratings yet
Department of Biotechnology: Biotechnology Eligibility Test (BET) 2020
2 pages
CWTS Project Proposal
No ratings yet
CWTS Project Proposal
2 pages
Assignment 6
No ratings yet
Assignment 6
2 pages
New Microsoft Word Document
No ratings yet
New Microsoft Word Document
2 pages
Computer Engineering (4) :computer Networks: September 2015
No ratings yet
Computer Engineering (4) :computer Networks: September 2015
8 pages
English 08 Q2 Module 1 Final
No ratings yet
English 08 Q2 Module 1 Final
18 pages
Utest-Bug Report
No ratings yet
Utest-Bug Report
2 pages
Mathematical Modeling of Train Dynamics - A Step Towards PC Train Simulator
No ratings yet
Mathematical Modeling of Train Dynamics - A Step Towards PC Train Simulator
16 pages
Youtube PavanKumar Manual Testing 02 Practical 1673793542
No ratings yet
Youtube PavanKumar Manual Testing 02 Practical 1673793542
20 pages
AWS Certified Developer Associate (DVA-C01) Practice Test
From Everand
AWS Certified Developer Associate (DVA-C01) Practice Test
iCertify Training
No ratings yet
Java EE 7 Application Developer 1Z0 900
From Everand
Java EE 7 Application Developer 1Z0 900
Manish Soni
No ratings yet
Microsoft Certified Azure Fundamentals Study Guide: Exam AZ-900
From Everand
Microsoft Certified Azure Fundamentals Study Guide: Exam AZ-900
James Boyce
No ratings yet
Professional Java for Web Applications
From Everand
Professional Java for Web Applications
Nicholas S. Williams
No ratings yet
IBM WebSphere Portal 8: Web Experience Factory and the Cloud
From Everand
IBM WebSphere Portal 8: Web Experience Factory and the Cloud
Chelis Camargo
No ratings yet
Microsoft Application Virtualization Advanced Guide
From Everand
Microsoft Application Virtualization Advanced Guide
Augusto Alvarez
No ratings yet
Java EE 7 Development with WildFly
From Everand
Java EE 7 Development with WildFly
Francesco Marchioni
No ratings yet
Oracle SOA Suite 11g Administrator's Handbook
From Everand
Oracle SOA Suite 11g Administrator's Handbook
Ahmed Aboulnaga
No ratings yet
WCF Multi-layer Services Development with Entity Framework - Fourth Edition
From Everand
WCF Multi-layer Services Development with Entity Framework - Fourth Edition
Mike Liu
No ratings yet
IBM WebSphere Application Server v7.0 Security
From Everand
IBM WebSphere Application Server v7.0 Security
Omar Siliceo
No ratings yet
Web Services Testing with soapUI
From Everand
Web Services Testing with soapUI
Charitha Kankanamge
5/5 (1)
Mastering OAuth 2.0: Create powerful applications to interact with popular service providers such as Facebook, Google, Twitter, and more by leveraging the OAuth 2.0 Authorization Framework
From Everand
Mastering OAuth 2.0: Create powerful applications to interact with popular service providers such as Facebook, Google, Twitter, and more by leveraging the OAuth 2.0 Authorization Framework
Charles Bihis
4/5 (2)
OpenID Connect - End-user Identity for Apps and APIs: API-University Series, #6
From Everand
OpenID Connect - End-user Identity for Apps and APIs: API-University Series, #6
Matthias Biehl
No ratings yet
API Gateway, Cognito and Node.js Lambdas
From Everand
API Gateway, Cognito and Node.js Lambdas
Matthew Casperson
5/5 (1)
Introduction to Web Hacking: Cross-site Scripting
From Everand
Introduction to Web Hacking: Cross-site Scripting
Gary Drocella
No ratings yet
Securing Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build
From Everand
Securing Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build
Slava Gomzin
No ratings yet
Access 2007 VBA Programmer's Reference
From Everand
Access 2007 VBA Programmer's Reference
Teresa Hennig
5/5 (2)
Professional ASP.NET 4 in C# and VB
From Everand
Professional ASP.NET 4 in C# and VB
Bill Evjen
No ratings yet
Mastering Django: Core
From Everand
Mastering Django: Core
Nigel George
3/5 (1)
Microsoft PowerShell, VBScript and JScript Bible
From Everand
Microsoft PowerShell, VBScript and JScript Bible
William R. Stanek
No ratings yet
iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment
From Everand
iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment
Steve Goodman
No ratings yet
Amazon Web Services: Migrating your .NET Enterprise Application
From Everand
Amazon Web Services: Migrating your .NET Enterprise Application
Rob Linton
No ratings yet
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
From Everand
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Dafydd Stuttard
2.5/5 (3)
Securing Amazon Web Services
From Everand
Securing Amazon Web Services
Jay Schulman
3.5/5 (2)
Angular HTTP: Connecting to the REST API
From Everand
Angular HTTP: Connecting to the REST API
Abdelfattah Ragab
No ratings yet
Heroku Cloud Application Development
From Everand
Heroku Cloud Application Development
Anubhav Hanjura
No ratings yet
ETHICAL HACKING GUIDE-Part 3: Comprehensive Guide to Ethical Hacking world
From Everand
ETHICAL HACKING GUIDE-Part 3: Comprehensive Guide to Ethical Hacking world
POONAM DEVI
No ratings yet

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

SQA Bug Analysis Report

Uploaded by

SQA Bug Analysis Report

Uploaded by

Bug Analysis Report using Manual and

Submitted by: [Your Name]

Date: June 13, 2025

2. Website Under Test

Description: A web application with intentional vulnerabilities. Perfect for security-focused

Manual Testing Browser testing, inspecting elements

SQL Injection Input `' OR 1=1 --`

XSS Testing Injecting `<iframe>` payloads

B001 Login form Input `' OR 1=1 Critical Use

B002 Search field Inject High Strip unsafe

B003 Reflected XSS in Changing URL High Validate/

B004 Access Browsing `/ftp` High Disable

5. Fix Suggestions in Code

db.query('SELECT * FROM users WHERE email = ?', [userEmail],

Bug B002 (Sanitize XSS):

const sanitized = sanitizeHtml(userInput, {

Bug B003 (URL Param Encoding):

Bug B004 (Disable Listing):

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.