Welcome

Welcome to OWASP WrongSecrets. With this app, we hope you will re-evaluate your secrets management strategy.

For each of the challenges below: try to find the secret! Enter it in the `Answer to solution` box and score points! Note that some challenges require this app to run on additional infrastructure (see in the table below).

#  Challenge      Focus    Difficulty        Runs on environment (current: OKTETO _K8S) Solved
0   Challenge 0 Intro β˜…β˜†β˜†β˜†β˜† Docker
1   Challenge 1 Git β˜…β˜†β˜†β˜†β˜† Docker
2   Challenge 2 Git β˜…β˜†β˜†β˜†β˜† Docker
3   Challenge 3 Docker β˜…β˜†β˜†β˜†β˜† Docker
4   Challenge 4 Docker β˜…β˜…β˜†β˜†β˜† Docker
5   Challenge 5 Configmaps β˜…β˜…β˜†β˜†β˜† K8S
6   Challenge 6 Secrets β˜…β˜…β˜†β˜†β˜† K8S
7   Challenge 7 Vault β˜…β˜…β˜…β˜…β˜† K8S with Vault
8   Challenge 8 Logging β˜…β˜…β˜†β˜†β˜† Docker
9   Challenge 9 Terraform β˜…β˜…β˜…β˜†β˜† AWS, GCP, Azure
10   Challenge 10 CSI-Driver β˜…β˜…β˜…β˜…β˜† AWS, GCP, Azure
11   Challenge 11 IAM privilege escalation β˜…β˜…β˜…β˜…β˜† AWS, GCP, Azure
12   Challenge 12 Docker β˜…β˜…β˜…β˜†β˜† Docker
13   Challenge 13 CI/CD β˜…β˜…β˜…β˜†β˜† Docker
14   Challenge 14 Password Manager β˜…β˜…β˜…β˜…β˜† Docker
15   Challenge 15 Git β˜…β˜…β˜†β˜†β˜† Docker
16   Challenge 16 Front-end β˜…β˜…β˜…β˜†β˜† Docker
17   Challenge 17 Docker β˜…β˜…β˜…β˜†β˜† Docker
18   Challenge 18 Cryptography β˜…β˜…β˜…β˜…β˜… Docker
19   Challenge 19 Binary β˜…β˜…β˜…β˜…β˜† Docker
20   Challenge 20 Binary β˜…β˜…β˜…β˜…β˜† Docker
21   Challenge 21 Binary β˜…β˜…β˜…β˜…β˜… Docker
22   Challenge 22 Binary β˜…β˜…β˜…β˜…β˜… Docker
23   Challenge 23 Front-end β˜…β˜†β˜†β˜†β˜† Docker
24   Challenge 24 Cryptography β˜…β˜…β˜†β˜†β˜† Docker
25   Challenge 25 Web3 β˜…β˜…β˜†β˜†β˜† Docker
26   Challenge 26 Web3 β˜…β˜…β˜†β˜†β˜† Docker
27   Challenge 27 Web3 β˜…β˜…β˜†β˜†β˜† Docker
28   Challenge 28 Documentation β˜…β˜†β˜†β˜†β˜† Docker
29   Challenge 29 Documentation β˜…β˜†β˜†β˜†β˜† Docker
30   Challenge 30 Front-end β˜…β˜…β˜†β˜†β˜† Docker
31   Challenge 31 Documentation β˜…β˜†β˜†β˜†β˜† Docker
32   Challenge 32 AI β˜…β˜…β˜†β˜†β˜† Docker
33   Challenge 33 Secrets β˜…β˜…β˜†β˜†β˜† K8S
34   Challenge 34 Cryptography β˜…β˜…β˜†β˜†β˜† Docker
35   Challenge 35 Documentation β˜…β˜†β˜†β˜†β˜† Docker

Total score: 0

Hasty? Here is the Vault secret;-)

Like what you see? Please
Star us on Github
Note: The above button only takes you to the repository. Please ensure to star the repository once you are there!
OWASP Project Leaders: Top Contributors: Testers: Special mentions for helping out:
Developing our solution in 3 clouds costs money. Want to help us to cover our cloud bills? Donate.
Resources/further reading on secrets management:
Wondering what a secret is? A secret is often a confidential piece of information that is required to unlock certain functionalities or information. It can exists in many shapes or forms, for instance:
  • 2FA keys
  • Activation/Callback links
  • API keys
  • Credentials
  • Passwords
  • Private keys (decryption, signing, TLS, SSH, GPG)
  • Secret keys (symmetric encryption, HMAC)
  • Session cookies
  • Tokens (Session, Refresh, Authentication, Activation, etc.)
Want to see if your tool of choice detects all the secrets available in this project? Check the instructions in the README.