crash.software
Projects
Pull Requests
Issues
Builds
wrongsecrets
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY wrongsecrets Commits 18732b85
🤬
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 8 lines
    9 9  [![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/7024/badge)](https://bestpractices.coreinfrastructure.org/projects/7024)
    10 10  [![Discussions](https://img.shields.io/github/discussions/OWASP/wrongsecrets)](https://github.com/OWASP/wrongsecrets/discussions)
    11 11   
    12  -Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your
    13  -secrets. These can help you to realize whether your secret management is ok. The challenge is to find all the different
    14  -secrets by means of various tools and techniques.
     12 +Welcome to the OWASP WrongSecrets game! The game is packed with real life examples of how to _not_ store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes & can help you to reflect on your own secrets management strategy.
     13 + 
     14 +Can you solve all the 29 challenges?
     15 + 
     16 +Try some of them on [our Heroku demo environment](https://wrongsecrets.herokuapp.com/).
     17 + 
     18 +Want to play the other challenges? Read the instructions on how to set them up below.
    15 19   
    16  -Can you solve all the 28 challenges?
    17 20  ![screenshotOfChallenge1](/images/screenshot.png)
    18 21   
    19 22  <a href="https://github.com/vshymanskyy/StandWithUkraine/blob/main/README.md"><img src="https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-no-action.svg" /></a>
    skipped 462 lines
  • ■ ■ ■ ■ ■
    src/main/resources/explanations/challenge0.adoc
    skipped 3 lines
    4 4   
    5 5  In this challenge, we explain you everything you need to know to play OWASP WrongSecrets.
    6 6   
    7  -Every challenge is about finding a secret that has not been well hidden and/or configured inside our application code, Docker container, or in one of the related parts of the system.
     7 +Every challenge is about finding a secret that has not been well hidden and/or configured inside our https://github.com/OWASP/wrongsecrets[application code], https://hub.docker.com/r/jeroenwillemsen/wrongsecrets[Docker container], or in one of the related parts of the https://github.com/OWASP/wrongsecrets#table-of-contents[system].
    8 8   
    9 9  Once you found the secret, you can put it in the box below and press "Submit". The "Clear" button will clean the input box.
    10 10  Want to play the challenge again? Press the "Reset button".
    skipped 2 lines
    13 13   
    14 14  Have a lot of fun with the more difficult challenges ;-).
    15 15   
     16 +Note: some of the challenges ahead will require you to use additional tools to get to the solution. For this you need a computer with all the tools installed. Don't want to install them yourself? You can use a container to have them all available to you at once by using
     17 + 
     18 +[source, shell]
     19 +docker run -p 3000:3000 -v /var/run/docker.sock:/var/run/docker.sock jeroenwillemsen/wrongsecrets-desktop:latest
     20 + 
     21 + 
     22 +Then, in your browser go to http://localhost:3000[http://localhost:3000] to find a webtop waiting for you with all the tools required.
     23 + 
Please wait...
Page is in error, reload to recover