OWASP WrongSecrets v1.5.12 released: Secrets Management-focused vulnerable app
Welcome to the OWASP WrongSecrets p0wnable app. This app packs together various examples of how not to store your secrets. They can help you judge whether your own secret management is OK. The challenge is to find all the different secrets using various tools and techniques.
It can be used in security training, in awareness demos, and as a test environment for secret detection and bad-practice detection tooling.
Wondering what a secret is? A secret is often a confidential piece of information that is required to unlock certain functionalities or information. It can exist in many shapes or forms, for instance:
- 2FA keys
- Activation/Callback links
- API keys
- Private keys (decryption, signing, TLS, SSH, GPG)
- Secret keys (symmetric encryption, HMAC)
- Session cookies
- Tokens (Session, Refresh, Authentication, Activation, etc.)
Changes in v1.5.12:
- Fix for kubernetes minikube tests by @commjoen in #516
- First attempt to migrate to azure its new SDKs for #490 & solve challenge 11 on azure again #225 by @commjoen in #500
- Bump aws.sdk.version from 2.18.24 to 2.18.28 by @dependabot in #523
- Bump checkstyle from 10.4 to 10.5.0 by @dependabot in #521
- Bump jruby-complete from 22.214.171.124 to 126.96.36.199 by @dependabot in #522
- Bump minimatch from 5.1.0 to 5.1.1 in /js by @dependabot in #519
- Replace deprecated security configuration by @MarcinNowak-codes in #526
- #525 Replace Asciidoctor::convert() and OptionsBuilder::options() dep… by @nhumblot in #528
- Spring Security 5.8.0 by @MarcinNowak-codes in #529
- Update aws requirement from ~> 4.41.0 to ~> 4.45.0 in /aws by @dependabot in #527
Copyright (c) 2020-2022 Jeroen Willemsen and WrongSecret contributors.