-
-
Notifications
You must be signed in to change notification settings - Fork 372
Home
OWASP WrongSecrets is a deliberately insecure application focused on secret management.
In this app, we have packed various ways showing you how to not store your secrets. The challenge is to find all the different secrets in multiple environments by means of various tools and techniques.
Our aim is to provide you with some knowledge so that you can improve your own secret management. For a detailed challenge guide with some additional information, keep tabs on this wiki space!
Good luck!
The WrongSecrets Team
Every challenge guide contains:
- More details on the (mis)configuration
- Step-by-step instructions on finding the secret
- A take away message to prevent making these mistakes in real life
Guides:
- Challenge 1
- Challenge 2
- Challenge 3
- Challenge 4
- Challenge 5
- Challenge 6
- Challenge 7
- Challenge 8
- Challenge 9
- Challenge 10
- Challenge 11
- Challenge 12
Need support? Contact us via OWASP Slack (sign up here), file a PR, file an issue, or use discussions. Please note that this is an OWASP volunteer-based project, so it might take a little while before we respond.