Lab 02 Reconnaissance - Muamaidbengt/juice-shop GitHub Wiki
Now that your Juice Shop is up and running, take a few minutes to get to know it better. Judging from the name alone, it's probably a web shop that sells fruit beverages. But is that all there is?
- Open the web shop (e.g. https://johndoe-juice.herokuapp.com) in your favorite web browser.
- Play around.
- What does the shop (allow the user to) do?
- What do you need to do to be able to buy from the store?
- Can you do anything after ordering?
- What categories of users do you think the site has? Is there more than one type of Customer? Are there other roles?
- What do you need to do to become a user?
- How does the system seem to authenticate you as a user?
- How is the site constructed?
- Does the site seem to have any identifiable integrations to other systems?
- Does the site seem to have any identifiable subsystems?
- What components/libraries/techniques does it appear to be using?
- Imagine you're the owner of the business itself. What risks to the web shop would you be worried about?
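Several of the questions above (how the site is constructed, how it authenticates you, which libraries and integrations it uses) can be answered from a single HTTP response if you know where to look. The script below is an added example for this lab, not code from the Juice Shop project or from the original page. It takes the headers and HTML of one response and records the usual passive fingerprinting signals: technology-revealing headers, cookies and whether they carry a JWT (decoded without verifying the signature, purely to read what the application put in it), client-side framework markers, script bundles, and every third-party host the page talks to. The response, the host name `johndoe-juice.example` and the token are all constructed for the example; they are not a capture from a real shop. Only run this kind of inspection against a target you are authorized to test.

```python
"""Passive fingerprinting of one HTTP response (added lab example)."""
import base64
import json
import re
from urllib.parse import urlparse

# Response headers that commonly reveal server-side technology.
TECH_HEADERS = ("server", "x-powered-by", "via", "x-aspnet-version", "x-generator")


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_jwt_unverified(token: str):
    """Return (header, payload) for a JWT-shaped string, or None.

    The signature is NOT checked: this only reads what the application chose
    to put in the token, which is all reconnaissance needs.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all land here
        return None
    if not isinstance(header, dict) or "alg" not in header:
        return None
    return header, payload


def parse_set_cookie(value: str) -> dict:
    """Split one Set-Cookie header into name, value and the flags that matter."""
    first, *attrs = [p.strip() for p in value.split(";")]
    name, _, val = first.partition("=")
    flags = {a.lower() for a in attrs}
    return {"name": name, "value": val,
            "httponly": "httponly" in flags, "secure": "secure" in flags}


def fingerprint(headers, body: str, base_host: str) -> dict:
    """Collect technology hints from one response.

    headers is a list of (name, value) pairs so repeated Set-Cookie survives.
    """
    findings = {"tech_headers": {}, "cookies": [], "jwt_claims": {},
                "frameworks": [], "scripts": [], "external_hosts": set()}
    for name, value in headers:
        lname = name.lower()
        if lname in TECH_HEADERS:
            findings["tech_headers"][lname] = value
        elif lname == "set-cookie":
            cookie = parse_set_cookie(value)
            findings["cookies"].append(cookie)
            decoded = decode_jwt_unverified(cookie["value"])
            if decoded:
                findings["jwt_claims"][cookie["name"]] = decoded[1]
    # Client-side framework markers left in the HTML.
    m = re.search(r'\bng-version="([^"]+)"', body)
    if m:
        findings["frameworks"].append(f"Angular {m.group(1)}")
    if re.search(r"\bdata-reactroot\b", body):
        findings["frameworks"].append("React")
    m = re.search(r'<meta[^>]+name="generator"[^>]+content="([^"]+)"', body, re.I)
    if m:
        findings["frameworks"].append(m.group(1))
    # Script bundles, and every host other than the shop's own (integrations).
    findings["scripts"] = re.findall(r'<script[^>]+src=["\']([^"\']+)["\']', body, re.I)
    for url in findings["scripts"] + re.findall(r'href=["\']([^"\']+)["\']', body, re.I):
        host = urlparse(url).netloc
        if host and host != base_host:
            findings["external_hosts"].add(host)
    findings["external_hosts"] = sorted(findings["external_hosts"])
    return findings


# ---- Constructed sample response (hypothetical host and token, not a capture) ----
_SAMPLE_TOKEN = ".".join([
    _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()),
    _b64url_encode(json.dumps({"email": "user@example.com", "role": "customer"}).encode()),
    _b64url_encode(b"not-a-real-signature"),
])
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("X-Powered-By", "Express"),
    ("Set-Cookie", f"token={_SAMPLE_TOKEN}; Path=/"),
    ("Set-Cookie", "language=en; Path=/; HttpOnly"),
]
SAMPLE_BODY = """<!doctype html><html lang="en"><head><meta charset="utf-8">
<title>Example Shop</title><link rel="stylesheet" href="styles.abc123.css">
<script src="https://cdn.example-analytics.net/tag.js"></script></head>
<body><app-root ng-version="15.2.0"></app-root>
<script src="runtime.1a2b3c.js"></script><script src="main.4d5e6f.js"></script>
<a href="https://pay.example-psp.com/checkout">Checkout</a></body></html>"""


def run_sample() -> dict:
    return fingerprint(SAMPLE_HEADERS, SAMPLE_BODY, "johndoe-juice.example")


if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

Against the constructed sample the output names Express as the backend, Angular 15.2.0 as the frontend, two script bundles, two external hosts (an analytics CDN and a payment provider), and a `token` cookie holding a JWT whose payload states the user's e-mail and role, set without `HttpOnly`. Each of those is a direct answer to one of the questions above, and the unverified decode is deliberate: reading claims tells you how the site thinks about users and roles, while deciding whether the token can be tampered with belongs to a later lab.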
What you're doing now is called footprinting or reconnaissance, and it is an essential step in planning and executing a successful attack on any system.
In a real-world situation, an attacker could spend a very long time in this phase, extracting and combining information from multiple sources, including:
- Social media sites, such as LinkedIn, Facebook
- Online directories, yellow pages, Ratsit, Domain registrar records, Google Maps etc.
- Public records such as financial reports, court rulings
- Official public websites of the main target and of any competitors, contractors or other known associates
- Rummaging through the dumpster outside the main office, calling the main switchboard, etc.