Welcome

Welcome to OWASP WrongSecrets. With this app, we hope you will re-evaluate your secrets management strategy.


For each of the challenges below: try to find the secret! Enter it in the `Answer to solution` box and score points! Note that some challenges require this app to run on additional infrastructure (see the table below).

#  Challenge      Focus    Difficulty        Runs on environment (current: OKTETO _K8S)
0  Challenge 0  Intro  ★ ☆ ☆ ☆ ☆  Docker
1  Challenge 1  Git  ★ ☆ ☆ ☆ ☆  Docker
2  Challenge 2  Git  ★ ☆ ☆ ☆ ☆  Docker
3  Challenge 3  Docker  ★ ☆ ☆ ☆ ☆  Docker
4  Challenge 4  Docker  ★ ★ ☆ ☆ ☆  Docker
5  Challenge 5  Configmaps  ★ ★ ☆ ☆ ☆  K8S
6  Challenge 6  Secrets  ★ ★ ☆ ☆ ☆  K8S
7  Challenge 7  Vault  ★ ★ ★ ★ ☆  K8S with Vault
8  Challenge 8  Logging  ★ ★ ☆ ☆ ☆  Docker
9  Challenge 9  Terraform  ★ ★ ★ ☆ ☆  AWS, GCP, Azure
10  Challenge 10  CSI-Driver  ★ ★ ★ ★ ☆  AWS, GCP, Azure
11  Challenge 11  IAM privilege escalation  ★ ★ ★ ★ ☆  AWS, GCP, Azure
12  Challenge 12  Docker  ★ ★ ★ ☆ ☆  Docker
13  Challenge 13  CI/CD  ★ ★ ★ ☆ ☆  Docker
14  Challenge 14  Password Manager  ★ ★ ★ ★ ☆  Docker
15  Challenge 15  Git  ★ ★ ☆ ☆ ☆  Docker
16  Challenge 16  Front-end  ★ ★ ★ ☆ ☆  Docker
17  Challenge 17  Docker  ★ ★ ★ ☆ ☆  Docker
18  Challenge 18  Cryptography  ★ ★ ★ ★ ★  Docker
19  Challenge 19  Binary  ★ ★ ★ ★ ☆  Docker
20  Challenge 20  Binary  ★ ★ ★ ★ ☆  Docker
21  Challenge 21  Binary  ★ ★ ★ ★ ★  Docker
22  Challenge 22  Binary  ★ ★ ★ ★ ★  Docker
23  Challenge 23  Front-end  ★ ☆ ☆ ☆ ☆  Docker
24  Challenge 24  Cryptography  ★ ★ ☆ ☆ ☆  Docker
25  Challenge 25  Web3  ★ ★ ☆ ☆ ☆  Docker
26  Challenge 26  Web3  ★ ★ ☆ ☆ ☆  Docker
27  Challenge 27  Web3  ★ ★ ☆ ☆ ☆  Docker
28  Challenge 28  Documentation  ★ ☆ ☆ ☆ ☆  Docker

Hasty? Here is the Vault secret;-)

Wondering what a secret is? A secret is often a confidential piece of information that is required to unlock certain functionalities or information. It can exist in many shapes or forms, for instance:
  • 2FA keys
  • Activation/Callback links
  • API keys
  • Credentials
  • Passwords
  • Private keys (decryption, signing, TLS, SSH, GPG)
  • Secret keys (symmetric encryption, HMAC)
  • Session cookies
  • Tokens (Session, Refresh, Authentication, Activation, etc.)
Want to see if your tool of choice detects all the secrets available in this project? Check the instructions in the README.