0% found this document useful (0 votes)

14 views3 pages

SQA Bug Analysis Report

This Bug Analysis Report evaluates the OWASP Juice Shop demo using manual and automated testing methods, identifying critical vulnerabilities such as SQL injection and XSS. It includes a detailed bug report with proposed fixes for each issue, emphasizing the importance of security in web applications. The report concludes by affirming that it meets the assignment requirements through comprehensive documentation of detected bugs and their resolutions.

Uploaded by

Hafiz Mizfar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

14 views3 pages

SQA Bug Analysis Report

Uploaded by

Hafiz Mizfar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

Bug Analysis Report using Manual and

Automation Testing
Course: Software Quality Assurance

Submitted by: [Your Name]

Date: June 13, 2025

Table of Contents
1. Introduction
2. Website Under Test
3. Testing Methods
4. Detailed Bug Report
5. Fix Suggestions in Code
6. Conclusion

1. Introduction
This report evaluates the OWASP Juice Shop live demo using manual testing and simple
automated tools. It identifies key bugs and suggests fixes to improve security and usability.

2. Website Under Test

Name: OWASP Juice Shop (Public Demo)

URL: https://juice-shop.herokuapp.com/

Description: A web application with intentional vulnerabilities. Perfect for security-focused

or functional testing exercises.

3. Testing Methods
Method Tool/Approach

Manual Testing Browser testing, inspecting elements

SQL Injection Input `' OR 1=1 --`

XSS Testing Injecting `<iframe>` payloads

4. Detailed Bug Report
Bug ID Description Detection Severity Proposed Fix

B001 Login form Input `' OR 1=1 Critical Use

allows SQLi --` logs in as parameterized
bypass first user queries &
sanitize inputs

B002 Search field Inject High Strip unsafe

DOM XSS `<iframe>` HTML in input
triggers alert

B003 Reflected XSS in Changing URL High Validate/

tracking ID param shows encode URL
popup parameters

B004 Access Browsing `/ftp` High Disable

confidential reveals files directory listing
docs via `/ftp` or require login

5. Fix Suggestions in Code

Bug B001 (SQL Injection Fix):

db.query('SELECT * FROM users WHERE email = ?', [userEmail],

function(err, results) {
// safe parameterized query
});

Bug B002 (Sanitize XSS):

const sanitized = sanitizeHtml(userInput, {

allowedTags: [],
allowedAttributes: {},
});

Bug B003 (URL Param Encoding):

const id = encodeURIComponent(req.query.id);
// then fetch using trusted server-side logic

Bug B004 (Disable Listing):

location /ftp/ {
autoindex off;
deny all;
}

6. Conclusion
The OWASP Juice Shop demo includes multiple high-severity bugs suitable for a QA report.
By documenting their detection, severity, and fixes, this report meets all assignment
requirements.

New Microsoft Word Document
No ratings yet
New Microsoft Word Document
2 pages
OWASP JuiceShop WebApp
No ratings yet
OWASP JuiceShop WebApp
38 pages
OWASP Juice Shop Report 4
No ratings yet
OWASP Juice Shop Report 4
3 pages
Report Example
No ratings yet
Report Example
34 pages
OWASP Juice Shop Pentest Report
No ratings yet
OWASP Juice Shop Pentest Report
22 pages
Eh Pentesting Shishir
No ratings yet
Eh Pentesting Shishir
4 pages
Report
No ratings yet
Report
35 pages
OWASP Juice Shop Security Audit Guide
No ratings yet
OWASP Juice Shop Security Audit Guide
6 pages
OWASP Juice Shop Lab Manual
No ratings yet
OWASP Juice Shop Lab Manual
3 pages
ADS299 Capstone Project in Application and Data Security: Course Project Duration Defense Date
No ratings yet
ADS299 Capstone Project in Application and Data Security: Course Project Duration Defense Date
28 pages
Pwning Owasp Juice Shop PDF
No ratings yet
Pwning Owasp Juice Shop PDF
254 pages
Day 2 - OWASP Juice Shop - Introduction
No ratings yet
Day 2 - OWASP Juice Shop - Introduction
3 pages
WEEK 4 Activity 1 Individual Hands-On Activity
No ratings yet
WEEK 4 Activity 1 Individual Hands-On Activity
4 pages
Cyberproject
No ratings yet
Cyberproject
5 pages
Web Pentesting For Vurlns
No ratings yet
Web Pentesting For Vurlns
280 pages
Farmer
No ratings yet
Farmer
14 pages
Experiment 6
No ratings yet
Experiment 6
9 pages
Sample Software Test Report in PDF (FREE DOWNLOAD)
No ratings yet
Sample Software Test Report in PDF (FREE DOWNLOAD)
17 pages
Test Task Latest
No ratings yet
Test Task Latest
9 pages
Report of The Juice Shop App
No ratings yet
Report of The Juice Shop App
24 pages
Kapil TestStrategy
No ratings yet
Kapil TestStrategy
4 pages
Task 2 Cyber Security
No ratings yet
Task 2 Cyber Security
11 pages
E-commerce Automation Testing Guide
No ratings yet
E-commerce Automation Testing Guide
4 pages
Optimized Testing Strategy for Complex Projects
No ratings yet
Optimized Testing Strategy for Complex Projects
2 pages
Software Testing and Validation Plan
No ratings yet
Software Testing and Validation Plan
10 pages
Ethical Hacking CSRF Lab Assignment
No ratings yet
Ethical Hacking CSRF Lab Assignment
8 pages
Utest-Bug Report
No ratings yet
Utest-Bug Report
2 pages
Viva
No ratings yet
Viva
12 pages
Lab Report 3: Software Engineering & Network Security: o o o o
No ratings yet
Lab Report 3: Software Engineering & Network Security: o o o o
2 pages
Security Insights for Developers
No ratings yet
Security Insights for Developers
2 pages
Crit E Evaluation1740664594
No ratings yet
Crit E Evaluation1740664594
8 pages
OpenCart Frontend Test Plan
No ratings yet
OpenCart Frontend Test Plan
14 pages
Youtube PavanKumar Manual Testing 02 Practical 1673793542
No ratings yet
Youtube PavanKumar Manual Testing 02 Practical 1673793542
20 pages
Answer Key Mock Format
No ratings yet
Answer Key Mock Format
7 pages
Icc
No ratings yet
Icc
14 pages
OpenCart Testing Strategy and Plan
100% (1)
OpenCart Testing Strategy and Plan
14 pages
YoussefHanyMohamed WeSchool U6Task4
No ratings yet
YoussefHanyMohamed WeSchool U6Task4
9 pages
9 Manual Testing Process
No ratings yet
9 Manual Testing Process
5 pages
Test Execution Dashboard Overview
No ratings yet
Test Execution Dashboard Overview
8 pages
JIRA Dashboard & Test Analysis Report
No ratings yet
JIRA Dashboard & Test Analysis Report
8 pages
OpenCart Testing Strategy and Plan
No ratings yet
OpenCart Testing Strategy and Plan
9 pages
Juice Shop
No ratings yet
Juice Shop
348 pages
Report Made2Automate
No ratings yet
Report Made2Automate
9 pages
Owasp Top 10
No ratings yet
Owasp Top 10
22 pages
Test Code 2
No ratings yet
Test Code 2
15 pages
Task - 2 WAPT - Report-1
No ratings yet
Task - 2 WAPT - Report-1
9 pages
Project Report SD 2 PDF
No ratings yet
Project Report SD 2 PDF
11 pages
Cybersecurity Internship Manual - Beginner Guide: Cyber Security Interns Manual
No ratings yet
Cybersecurity Internship Manual - Beginner Guide: Cyber Security Interns Manual
7 pages
OWASP Juice Shop Vulnerability Review
No ratings yet
OWASP Juice Shop Vulnerability Review
18 pages
QA Question Answer Key
No ratings yet
QA Question Answer Key
7 pages
Owasp Report
No ratings yet
Owasp Report
10 pages
Devki File
No ratings yet
Devki File
12 pages
Bug Bounty Checklist
No ratings yet
Bug Bounty Checklist
11 pages
Night District 1
No ratings yet
Night District 1
9 pages
Additional Task 2
No ratings yet
Additional Task 2
9 pages
Software Testing and Implementation
No ratings yet
Software Testing and Implementation
16 pages
Secure Code Review CheckList
No ratings yet
Secure Code Review CheckList
5 pages
Genetic Algorithm
No ratings yet
Genetic Algorithm
28 pages
Artificial Intelligence Unit 5 - Optimization - Local Search
No ratings yet
Artificial Intelligence Unit 5 - Optimization - Local Search
35 pages
Sudoku OEL - Fri
No ratings yet
Sudoku OEL - Fri
9 pages
AI CCP Report Hafiz Mizfar
No ratings yet
AI CCP Report Hafiz Mizfar
5 pages
STQA Book
No ratings yet
STQA Book
129 pages
Next Gen Service
No ratings yet
Next Gen Service
1,369 pages
HRIS Implementation Guide
No ratings yet
HRIS Implementation Guide
11 pages
Xi DBMS
No ratings yet
Xi DBMS
21 pages
Software For University Libraries 2.0 (SOUL 2.0) : Major Features and Functionalities
No ratings yet
Software For University Libraries 2.0 (SOUL 2.0) : Major Features and Functionalities
5 pages
Interview Questions
No ratings yet
Interview Questions
3 pages
HDFC Software Requirement Specification Srs
100% (1)
HDFC Software Requirement Specification Srs
24 pages
Divyanshu Chauhan QA
No ratings yet
Divyanshu Chauhan QA
1 page
Online Job Portal Project Report
100% (1)
Online Job Portal Project Report
51 pages
Building A Media Ecosystem Observatory From Scratc
No ratings yet
Building A Media Ecosystem Observatory From Scratc
18 pages
NCA AIIO Demo
No ratings yet
NCA AIIO Demo
5 pages
מתוקף NSE7 - OTS-6.4 PDF
No ratings yet
מתוקף NSE7 - OTS-6.4 PDF
19 pages
Real-Time Anomaly Monitoring System: Guided By, Presented By
No ratings yet
Real-Time Anomaly Monitoring System: Guided By, Presented By
34 pages
6 Sem Edu 601
No ratings yet
6 Sem Edu 601
7 pages
White Paper Deltav Sis Standalone en 57874
100% (1)
White Paper Deltav Sis Standalone en 57874
15 pages
4 Sustainable Tourism & Information Technology
100% (2)
4 Sustainable Tourism & Information Technology
15 pages
Batch Analysis Records
No ratings yet
Batch Analysis Records
29 pages
VULNERABILITY DETECTION LAB by MUHAMMAD ABDUL REHMAN KHAN
No ratings yet
VULNERABILITY DETECTION LAB by MUHAMMAD ABDUL REHMAN KHAN
11 pages
The 10 Commandments of Computer Ethics: Althea Noelfei Quisagan Bs Computer Science
No ratings yet
The 10 Commandments of Computer Ethics: Althea Noelfei Quisagan Bs Computer Science
4 pages
SkyBROADBAND CONNECT Proposal
No ratings yet
SkyBROADBAND CONNECT Proposal
4 pages
OVERVIEW OF INFORMATION TECHNOLOGY ACT 2000 - Huzaifa Salim
No ratings yet
OVERVIEW OF INFORMATION TECHNOLOGY ACT 2000 - Huzaifa Salim
9 pages
ETL Testing - Basics
100% (1)
ETL Testing - Basics
43 pages
React JS Slides
No ratings yet
React JS Slides
70 pages
Vinca Academy - Profile - Cybersecurity Courses
No ratings yet
Vinca Academy - Profile - Cybersecurity Courses
10 pages
AI Lec 1
No ratings yet
AI Lec 1
48 pages
GCP Cloud Architecture for Game Scaling
100% (2)
GCP Cloud Architecture for Game Scaling
100 pages
01 - Summary Manuale - Creating - Pictures Ifix 5.8
No ratings yet
01 - Summary Manuale - Creating - Pictures Ifix 5.8
12 pages
Experiment Tracking With Weights & Biases
No ratings yet
Experiment Tracking With Weights & Biases
5 pages
Unit 2: Master Data: Tools Initialize Period (MMPI)
No ratings yet
Unit 2: Master Data: Tools Initialize Period (MMPI)
2 pages
Database Management Systems Overview
No ratings yet
Database Management Systems Overview
76 pages

SQA Bug Analysis Report

Uploaded by

SQA Bug Analysis Report

Uploaded by

Bug Analysis Report using Manual and

Submitted by: [Your Name]

Date: June 13, 2025

2. Website Under Test

Description: A web application with intentional vulnerabilities. Perfect for security-focused

Manual Testing Browser testing, inspecting elements

SQL Injection Input `' OR 1=1 --`

XSS Testing Injecting `<iframe>` payloads

B001 Login form Input `' OR 1=1 Critical Use

B002 Search field Inject High Strip unsafe

B003 Reflected XSS in Changing URL High Validate/

B004 Access Browsing `/ftp` High Disable

5. Fix Suggestions in Code

db.query('SELECT * FROM users WHERE email = ?', [userEmail],

Bug B002 (Sanitize XSS):

const sanitized = sanitizeHtml(userInput, {

Bug B003 (URL Param Encoding):

Bug B004 (Disable Listing):

You might also like