Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update README.md with new challenge links #1788

Merged
merged 1 commit into from
Dec 12, 2024
Merged

Update README.md with new challenge links #1788

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 7 additions & 6 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@

Welcome to the OWASP WrongSecrets game! The game is packed with real life examples of how to _not_ store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes & can help you to reflect on your own secrets management strategy.

Can you solve all the 50 challenges?
Can you solve all the 51 challenges?

Try some of them on [our Heroku demo environment](https://wrongsecrets.herokuapp.com/).

Expand Down Expand Up @@ -74,7 +74,7 @@ Copyright (c) 2020-2024 Jeroen Willemsen and WrongSecrets contributors.

## Basic docker exercises

_Can be used for challenges 1-4, 8, 12-32, 34, 35-43, 49-50_
_Can be used for challenges 1-4, 8, 12-32, 34, 35-43, 49-51_

For the basic docker exercises you currently require:

Expand Down Expand Up @@ -125,8 +125,9 @@ Now you can try to find the secrets by means of solving the challenge offered at
- [localhost:8080/challenge/challenge-41](http://localhost:8080/challenge/challenge-41)
- [localhost:8080/challenge/challenge-42](http://localhost:8080/challenge/challenge-42)
- [localhost:8080/challenge/challenge-43](http://localhost:8080/challenge/challenge-43)
- [localhost:8080/challenge/challenge-43](http://localhost:8080/challenge/challenge-49)
- [localhost:8080/challenge/challenge-43](http://localhost:8080/challenge/challenge-50)
- [localhost:8080/challenge/challenge-49](http://localhost:8080/challenge/challenge-49)
- [localhost:8080/challenge/challenge-50](http://localhost:8080/challenge/challenge-50)
- [localhost:8080/challenge/challenge-51](http://localhost:8080/challenge/challenge-51)

Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look
better ;-).
Expand Down Expand Up @@ -154,7 +155,7 @@ If you want to host WrongSecrets on Railway, you can do so by deploying [this on

## Basic K8s exercise

_Can be used for challenges 1-6, 8, 12-43, 48-50_
_Can be used for challenges 1-6, 8, 12-43, 48-51_

### Minikube based

Expand Down Expand Up @@ -247,7 +248,7 @@ This is because if you run the start script again it will replace the secret in

## Cloud Challenges

_Can be used for challenges 1-50_
_Can be used for challenges 1-51_

**READ THIS**: Given that the exercises below contain IAM privilege escalation exercises,
never run this on an account which is related to your production environment or can influence your account-over-arching
Expand Down
Loading