1 | | - | <html xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout" xmlns:th="http://www.thymeleaf.org" |
2 | | - | layout:decorate="~{index.html}"> |
3 | | - | <body> |
4 | | - | |
5 | | - | <div layout:fragment="content"> |
6 | | - | <div class="container-fluid mt-3 text-sm p-4 bg-light"> |
7 | | - | <div class="display-5">Welcome</div> |
8 | | - | <p class="lead">Welcome to OWASP WrongSecrets. With this app, we hope you will re-evaluate your secrets |
9 | | - | management |
10 | | - | strategy.</p> |
11 | | - | <hr class="my-2 my-lg-3"> |
12 | | - | <p>For each of the challenges below: try to find the secret! Enter it in the `Answer to solution` box and |
13 | | - | score points! Note that some challenges require this app to run on additional infrastructure (see in the |
14 | | - | table below). |
15 | | - | </p> |
16 | | - | </div> |
17 | | - | <div class="container-fluid text-sm p-2 p-lg-3"> |
18 | | - | <div class="row"> |
19 | | - | <div class="col-12 col-lg-7"> |
20 | | - | <table class="table table-responsive" id="challenge_overview"> |
21 | | - | <thead> |
22 | | - | <tr> |
23 | | - | <th scope="col" class="d-none d-xl-table-cell">#</th> |
24 | | - | <th scope="col"> Challenge </th> |
25 | | - | <th scope="col">Focus </th> |
26 | | - | <th scope="col" class="d-none d-md-table-cell">Difficulty </th> |
27 | | - | <th scope="col" |
28 | | - | th:text="'Runs on environment (current: '+${#strings.replace(environment,'_',' _')}+')'"></th> |
29 | | - | </tr> |
30 | | - | </thead> |
31 | | - | <tbody> |
32 | | - | <tr th:each="challenge: ${challenges}"> |
33 | | - | <th scope="row" class="d-none d-xl-table-cell" th:text="${challenge.link}"></th> |
34 | | - | <td> <a th:href="@{/challenge} + '/' + ${challenge.link}" |
35 | | - | th:class="${challenge.isChallengeEnabled} ? '' : 'disabled'" |
36 | | - | th:attr="data-cy=${#strings.toLowerCase(challenge.name)} + '-link'"><span |
37 | | - | th:text="${challenge.name}" |
38 | | - | th:remove="tag"></span></a></td> |
39 | | - | <td th:text="${challenge.tech}"></td> |
40 | | - | <td class="d-none d-md-table-cell" th:text="${challenge.starsOnScale}"> |
41 | | - | </td> |
42 | | - | <th:block th:if="${challenge.requiredEnv} == 'DOCKER'"> |
43 | | - | <td class="" >Docker</td> |
44 | | - | </th:block> |
45 | | - | <th:block th:if="${challenge.requiredEnv} == 'K8S'"> |
46 | | - | <td class="" >K8S</td> |
47 | | - | </th:block> |
48 | | - | <th:block th:if="${challenge.requiredEnv} == 'VAULT'"> |
49 | | - | <td class="" >K8S with Vault</td> |
50 | | - | </th:block> |
51 | | - | <th:block |
52 | | - | th:if="${challenge.requiredEnv} == 'AWS' or ${challenge.requiredEnv} == 'GCP' or ${challenge.requiredEnv} == 'AZURE'"> |
53 | | - | <td class="" >AWS, GCP, Azure</td> |
54 | | - | </th:block> |
55 | | - | </tr> |
56 | | - | </tbody> |
57 | | - | </table> |
58 | | - | |
59 | | - | |
60 | | - | <!-- <p th:text="'You are currently running on the following environment: '+${environment}"></p>--> |
61 | | - | <p>Hasty? Here is the Vault <a href="spoil-7">secret;-)</a></p> |
62 | | - | |
63 | | - | |
| 1 | + | <html |
| 2 | + | xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout" |
| 3 | + | xmlns:th="http://www.thymeleaf.org" |
| 4 | + | layout:decorate="~{index.html}" |
| 5 | + | > |
| 6 | + | <body> |
| 7 | + | <div layout:fragment="content"> |
| 8 | + | <div class="container-fluid mt-3 text-sm p-4 bg-light"> |
| 9 | + | <div class="display-5">Welcome</div> |
| 10 | + | <p class="lead"> |
| 11 | + | Welcome to OWASP WrongSecrets. With this app, we hope you will re-evaluate your secrets management |
| 12 | + | strategy. |
| 13 | + | </p> |
| 14 | + | <hr class="my-2 my-lg-3" /> |
| 15 | + | <p> |
| 16 | + | For each of the challenges below: try to find the secret! Enter it in the `Answer to solution` box |
| 17 | + | and score points! Note that some challenges require this app to run on additional infrastructure |
| 18 | + | (see in the table below). |
| 19 | + | </p> |
64 | 20 | | </div> |
65 | | - | <div class="col-12 col-lg-4 offset-lg-1"> |
66 | | - | <div class="border border-dark thank-you text-center"> |
67 | | - | Like what you see? Please <br/> |
68 | | - | <a class="github-button" |
69 | | - | href="https://github.com/OWASP/wrongsecrets" |
70 | | - | data-icon="octicon-star" |
71 | | - | data-size="large" |
72 | | - | data-color-scheme="dark: light;" |
73 | | - | data-show-count="true" |
74 | | - | aria-label="Star commjoen/wrongsecrets on GitHub">Star us on Github</a> |
75 | | - | </div> |
76 | | - | <div class="border border-dark thank-you"> |
77 | | - | OWASP Project Leaders: |
78 | | - | <ul> |
79 | | - | <li><a href="https://github.com/bendehaan">Ben de Haan @bendehaan</a></li> |
80 | | - | <li><a href="https://github.com/commjoen">Jeroen willemsen @commjoen</a></li> |
81 | | - | </ul> |
82 | | - | Top Contributors: |
83 | | - | <ul> |
84 | | - | <li><a href="https://github.com/nbaars">Nanne Baars @nbaars</a></li> |
85 | | - | <li><a href="https://github.com/MarcinNowak-codes">Marcin Nowak @MarcinNowak-codes</a></li> |
86 | | - | <li><a href="https://github.com/remakingeden">Joss Sparkes @remakingeden</a></li> |
87 | | - | <li><a href="https://github.com/tiborhercz">Tibor Hercz @tiborhercz</a></li> |
88 | | - | <li><a href="https://github.com/neatzsche">Chris Elbring Jr. @neatzsche</a> |
89 | | - | <li><a href="https://github.com/puneeth072003">Puneeth Y @puneeth072003</a> |
90 | | - | <li><a href="https://github.com/mikewoudenberg">Mike Woudenberg @mikewoudenberg</a></li> |
91 | | - | <li><a href="https://github.com/Novice-expert">Divyanshu Dev @Novice-expert</a></li> |
92 | | - | <li><a href="https://github.com/fchyla">Filip Chyla @fchyla</a></li> |
93 | | - | <li><a href="https://github.com/Dlitosh">Dmitry Litosh @Dlitosh</a></li> |
94 | | - | <li><a href="https://github.com/tghosth">Josh Grossman @tghosth</a></li> |
95 | | - | <li><a href="https://github.com/turjoc120">Turjo Chowdhury @turjoc120</a></li> |
96 | | - | <li><a href="https://github.com/northdpole">Spyros @northdpole</a></li> |
97 | | - | <li><a href="https://github.com/RubenAtBinx">Ruben Kruiver @RubenAtBinx</a></li> |
98 | | - | <li><a href="https://github.com/szh">Shlomo Zalman Heigh @szhx</a></li> |
99 | | - | <li><a href="https://github.com/nhumblot">Nicolas Humblot @nhumblot</a></li> |
100 | | - | <li><a href="https://github.com/madhuakula">Madhu Akula @madhuakula</a></li> |
101 | | - | <li><a href="https://github.com/alex-bender">Alex Bender @alex-bender</a></li> |
102 | | - | <li><a href="https://github.com/f3rn0s">Finn @f3rn0s</a></li> |
103 | | - | <li><a href="https://github.com/kingthorin">Rick M @kingthorin</a></li> |
104 | | - | </ul> |
105 | | - | Testers: |
106 | | - | <ul> |
107 | | - | <li><a href="https://github.com/davevs">Dave van Stein @davevs</a></li> |
108 | | - | <li><a href="https://github.com/MarcinNowak-codes">Marcin Nowak @MarcinNowak-codes</a></li> |
109 | | - | <li><a href="https://github.com/mchangsp">Marc Chang Sing Pang @mchangsp</a></li> |
110 | | - | </ul> |
111 | | - | Special mentions for helping out: |
112 | | - | <ul> |
113 | | - | <li><a href="https://github.com/madhuakula">Madhu Akula @madhuakula</a></li> |
114 | | - | <li><a href="https://github.com/bkimminich">Björn Kimminich @bkimminich</a></li> |
115 | | - | <li><a href="https://github.com/saragluna">Xiaolu Dai @saragluna</a></li> |
116 | | - | <li><a href="https://github.com/JonathanGiles">Jonathan Giles @jonathanGiles</a></li> |
117 | | - | </ul> |
118 | | - | </div> |
119 | | - | <div class="border border-dark thank-you text-center"> |
120 | | - | Developing our solution in 3 clouds costs money. Want to help us to cover our cloud bills? |
121 | | - | <a href="https://owasp.org/donate/?reponame=www-project-wrongsecrets&title=OWASP+wrongsecrets" target="_blank">Donate</a>. |
122 | | - | </div> |
123 | | - | </div> |
124 | | - | <div class="col-12 col-lg-7"> |
125 | | - | <div class="border border-dark thank-you"> |
126 | | - | Resources/further reading on secrets management:<br/> |
127 | | - | <ul> |
128 | | - | <li><a href="https://dev.to/commjoen/secure-deployment-10-pointers-on-secrets-management-187j">Blog: |
129 | | - | 10 Pointers on Secrets Management</a></li> |
130 | | - | <li><a href="https://owaspsamm.org/model/implementation/secure-deployment/stream-b/">OWASP SAMM |
131 | | - | on Secret Management</a></li> |
132 | | - | <li><a href="https://github.com/topics/secrets-detection">The secret detection topic at |
133 | | - | Github</a></li> |
134 | | - | <li><a |
135 | | - | href="https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Secrets_Management_Cheat_Sheet.md">OWASP |
136 | | - | Secretsmanagement Cheatsheet</a></li> |
137 | | - | <li><a |
138 | | - | href="https://www.opencre.org/cre/223-780?register=true&type=tool&tool_type=training&tags=secrets,training&description=With%20this%20app%2C%20we%20have%20packed%20various%20ways%20of%20how%20to%20not%20store%20your%20secrets.%20These%20can%20help%20you%20to%20realize%20whether%20your%20secret%20management%20is%20ok.%20The%20challenge%20is%20to%20find%20all%20the%20different%20secrets%20by%20means%20of%20various%20tools%20and%20techniques.%20Can%20you%20solve%20all%20the%2014%20challenges%3F&trk=flagship-messaging-web&messageThreadUrn=urn:li:messagingThread:2-YmRkNjRkZTMtNjRlYS00OWNiLWI2YmUtMDYwNzY3ZjI1MDcyXzAxMg==&lipi=urn:li:page:d_flagship3_feed;J58Sgd80TdanpKWFMH6z+w==">Open |
139 | | - | CRE on Secrets Management</a></li> |
140 | | - | </ul> |
141 | | - | </div> |
142 | | - | </div> |
143 | | - | <div class="col-12 col-lg-7"> |
144 | | - | <div class="border border-dark thank-you"> |
145 | | - | Wondering what a secret is? A secret is often a confidential piece of information that is required |
146 | | - | to unlock certain functionalities or information. |
147 | | - | It can exists in many shapes or forms, for instance: |
148 | | - | <ul> |
149 | | - | <li>2FA keys</li> |
150 | | - | <li>Activation/Callback links</li> |
151 | | - | <li>API keys</li> |
152 | | - | <li>Credentials</li> |
153 | | - | <li>Passwords</li> |
154 | | - | <li>Private keys (decryption, signing, TLS, SSH, GPG)</li> |
155 | | - | <li>Secret keys (symmetric encryption, HMAC)</li> |
156 | | - | <li>Session cookies</li> |
157 | | - | <li>Tokens (Session, Refresh, Authentication, Activation, etc.)</li> |
158 | | - | </ul> |
159 | | - | </div> |
160 | | - | </div> |
161 | | - | <div class="col-12 col-lg-7"> |
162 | | - | <div class="border border-dark thank-you"> |
163 | | - | Want to see if your tool of choice detects all the secrets available in this project? <a |
164 | | - | href="https://github.com/OWASP/wrongsecrets/#use-owasp-wrongsecrets-as-a-secret-detection-benchmark">Check |
165 | | - | the instructions in the README</a>. |
| 21 | + | <div class="container-fluid text-sm p-2 p-lg-3"> |
| 22 | + | <div class="row"> |
| 23 | + | <div class="col-12 col-lg-7"> |
| 24 | + | <table class="table table-responsive" id="challenge_overview" data-cy="challenge-overview"> |
| 25 | + | <thead> |
| 26 | + | <tr> |
| 27 | + | <th scope="col" class="d-none d-xl-table-cell">#</th> |
| 28 | + | <th scope="col"> Challenge </th> |
| 29 | + | <th scope="col">Focus </th> |
| 30 | + | <th scope="col" class="d-none d-md-table-cell"> |
| 31 | + | Difficulty |
| 32 | + | </th> |
| 33 | + | <th |
| 34 | + | scope="col" |
| 35 | + | th:text="'Runs on environment (current: '+${#strings.replace(environment,'_',' _')}+')'" |
| 36 | + | ></th> |
| 37 | + | <th scope="col" class="d-none d-xl-table-cell">Solved</th> |
| 38 | + | </tr> |
| 39 | + | </thead> |
| 40 | + | <tbody> |
| 41 | + | <tr |
| 42 | + | th:each="challenge: ${challenges}" |
| 43 | + | th:class="${challenge.challengeCompleted} ? solved : ''" |
| 44 | + | data-cy="challenge-row" > |
| 45 | + | <th scope="row" class="d-none d-xl-table-cell" th:text="${challenge.link}"></th> |
| 46 | + | <td> |
| 47 | + | <span |
| 48 | + | class="d-xl-none" |
| 49 | + | th:if="${challenge.challengeCompleted}" |
| 50 | + | >☑ </span> |
| 51 | + | <a th:href="'/challenge/' + ${challenge.link}" th:class="${challenge.isChallengeEnabled} ? '' : 'disabled'"> |
| 52 | + | <span th:text="${challenge.name}" th:attr="data-cy=${challenge.getDataLabel}"></span> |
| 53 | + | </a> |
| 54 | + | </td> |
| 55 | + | <td th:text="${challenge.tech}"></td> |
| 56 | + | <td class="d-none d-md-table-cell" th:text="${challenge.starsOnScale}"></td> |
| 57 | + | <th:block th:if="${challenge.requiredEnv} == 'DOCKER'"> |
| 58 | + | <td class="">Docker</td> |
| 59 | + | </th:block> |
| 60 | + | <th:block th:if="${challenge.requiredEnv} == 'K8S'"> |
| 61 | + | <td class="">K8S</td> |
| 62 | + | </th:block> |
| 63 | + | <th:block th:if="${challenge.requiredEnv} == 'VAULT'"> |
| 64 | + | <td class="">K8S with Vault</td> |
| 65 | + | </th:block> |
| 66 | + | <th:block |
| 67 | + | th:if="${challenge.requiredEnv} == 'AWS' or ${challenge.requiredEnv} == 'GCP' or ${challenge.requiredEnv} == 'AZURE'" |
| 68 | + | > |
| 69 | + | <td class="">AWS, GCP, Azure</td> |
| 70 | + | </th:block> |
| 71 | + | <td class="d-none d-xl-table-cell"> |
| 72 | + | <span |
| 73 | + | th:if="${challenge.challengeCompleted}" |
| 74 | + | >☑</span |
| 75 | + | > |
| 76 | + | </td> |
| 77 | + | </tr> |
| 78 | + | </tbody> |
| 79 | + | </table> |
| 80 | + | <p th:if="${ctfServerAddress == null}" th:text="'Total score: '+${totalScore}" th:attr="data-cy='total-score'"></p> |
| 81 | + | <p |
| 82 | + | th:if="${ctfServerAddress != null}" |
| 83 | + | th:text="'Scoring and progress keeping is disabled in CTF mode, have a look at '+${ctfServerAddress}+' for your actual score and progress'" |
| 84 | + | ></p> |
| 85 | + | <!-- <p th:text="'You are currently running on the following environment: '+${environment}"></p>--> |
| 86 | + | <p>Hasty? Here is the Vault <a href="spoil-7">secret;-)</a></p> |
| 87 | + | </div> |
| 88 | + | <div class="col-12 col-lg-4 offset-lg-1"> |
| 89 | + | <div class="border border-dark thank-you text-center"> |
| 90 | + | Like what you see? Please <br /> |
| 91 | + | <a |
| 92 | + | class="github-button" |
| 93 | + | href="https://github.com/OWASP/wrongsecrets" |
| 94 | + | data-icon="octicon-star" |
| 95 | + | data-size="large" |
| 96 | + | data-color-scheme="dark: light;" |
| 97 | + | data-show-count="true" |
| 98 | + | aria-label="Star commjoen/wrongsecrets on GitHub" |
| 99 | + | >Star us on Github</a |
| 100 | + | > |
| 101 | + | </div> |
| 102 | + | <div class="border border-dark thank-you"> |
| 103 | + | OWASP Project Leaders: |
| 104 | + | <ul> |
| 105 | + | <li><a href="https://github.com/bendehaan">Ben de Haan @bendehaan</a></li> |
| 106 | + | <li><a href="https://github.com/commjoen">Jeroen willemsen @commjoen</a></li> |
| 107 | + | </ul> |
| 108 | + | Top Contributors: |
| 109 | + | <ul> |
| 110 | + | <li><a href="https://github.com/nbaars">Nanne Baars @nbaars</a></li> |
| 111 | + | <li> |
| 112 | + | <a href="https://github.com/MarcinNowak-codes">Marcin Nowak @MarcinNowak-codes</a> |
| 113 | + | </li> |
| 114 | + | <li><a href="https://github.com/remakingeden">Joss Sparkes @remakingeden</a></li> |
| 115 | + | <li><a href="https://github.com/tiborhercz">Tibor Hercz @tiborhercz</a></li> |
| 116 | + | <li><a href="https://github.com/neatzsche">Chris Elbring Jr. @neatzsche</a></li> |
| 117 | + | <li><a href="https://github.com/puneeth072003">Puneeth Y @puneeth072003</a></li> |
| 118 | + | <li><a href="https://github.com/mikewoudenberg">Mike Woudenberg @mikewoudenberg</a></li> |
| 119 | + | <li><a href="https://github.com/Novice-expert">Divyanshu Dev @Novice-expert</a></li> |
| 120 | + | <li><a href="https://github.com/fchyla">Filip Chyla @fchyla</a></li> |
| 121 | + | <li><a href="https://github.com/Dlitosh">Dmitry Litosh @Dlitosh</a></li> |
| 122 | + | <li><a href="https://github.com/tghosth">Josh Grossman @tghosth</a></li> |
| 123 | + | <li><a href="https://github.com/turjoc120">Turjo Chowdhury @turjoc120</a></li> |
| 124 | + | <li><a href="https://github.com/northdpole">Spyros @northdpole</a></li> |
| 125 | + | <li><a href="https://github.com/RubenAtBinx">Ruben Kruiver @RubenAtBinx</a></li> |
| 126 | + | <li><a href="https://github.com/szh">Shlomo Zalman Heigh @szhx</a></li> |
| 127 | + | <li><a href="https://github.com/nhumblot">Nicolas Humblot @nhumblot</a></li> |
| 128 | + | <li><a href="https://github.com/madhuakula">Madhu Akula @madhuakula</a></li> |
| 129 | + | <li><a href="https://github.com/alex-bender">Alex Bender @alex-bender</a></li> |
| 130 | + | <li><a href="https://github.com/f3rn0s">Finn @f3rn0s</a></li> |
| 131 | + | <li><a href="https://github.com/kingthorin">Rick M @kingthorin</a></li> |
| 132 | + | </ul> |
| 133 | + | Testers: |
| 134 | + | <ul> |
| 135 | + | <li><a href="https://github.com/davevs">Dave van Stein @davevs</a></li> |
| 136 | + | <li> |
| 137 | + | <a href="https://github.com/MarcinNowak-codes">Marcin Nowak @MarcinNowak-codes</a> |
| 138 | + | </li> |
| 139 | + | <li><a href="https://github.com/mchangsp">Marc Chang Sing Pang @mchangsp</a></li> |
| 140 | + | </ul> |
| 141 | + | Special mentions for helping out: |
| 142 | + | <ul> |
| 143 | + | <li><a href="https://github.com/madhuakula">Madhu Akula @madhuakula</a></li> |
| 144 | + | <li><a href="https://github.com/bkimminich">Björn Kimminich @bkimminich</a></li> |
| 145 | + | <li><a href="https://github.com/saragluna">Xiaolu Dai @saragluna</a></li> |
| 146 | + | <li><a href="https://github.com/JonathanGiles">Jonathan Giles @jonathanGiles</a></li> |
| 147 | + | </ul> |
| 148 | + | </div> |
| 149 | + | <div class="border border-dark thank-you text-center"> |
| 150 | + | Developing our solution in 3 clouds costs money. Want to help us to cover our cloud bills? |
| 151 | + | <a |
| 152 | + | href="https://owasp.org/donate/?reponame=www-project-wrongsecrets&title=OWASP+wrongsecrets" |
| 153 | + | target="_blank" |
| 154 | + | >Donate</a |
| 155 | + | >. |
| 156 | + | </div> |
| 157 | + | </div> |
| 158 | + | <div class="col-12 col-lg-7"> |
| 159 | + | <div class="border border-dark thank-you"> |
| 160 | + | Resources/further reading on secrets management:<br /> |
| 161 | + | <ul> |
| 162 | + | <li> |
| 163 | + | <a |
| 164 | + | href="https://dev.to/commjoen/secure-deployment-10-pointers-on-secrets-management-187j" |
| 165 | + | >Blog: 10 Pointers on Secrets Management</a |
| 166 | + | > |
| 167 | + | </li> |
| 168 | + | <li> |
| 169 | + | <a href="https://owaspsamm.org/model/implementation/secure-deployment/stream-b/" |
| 170 | + | >OWASP SAMM on Secret Management</a |
| 171 | + | > |
| 172 | + | </li> |
| 173 | + | <li> |
| 174 | + | <a href="https://github.com/topics/secrets-detection" |
| 175 | + | >The secret detection topic at Github</a |
| 176 | + | > |
| 177 | + | </li> |
| 178 | + | <li> |
| 179 | + | <a |
| 180 | + | href="https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Secrets_Management_Cheat_Sheet.md" |
| 181 | + | >OWASP Secretsmanagement Cheatsheet</a |
| 182 | + | > |
| 183 | + | </li> |
| 184 | + | <li> |
| 185 | + | <a |
| 186 | + | href="https://www.opencre.org/cre/223-780?register=true&type=tool&tool_type=training&tags=secrets,training&description=With%20this%20app%2C%20we%20have%20packed%20various%20ways%20of%20how%20to%20not%20store%20your%20secrets.%20These%20can%20help%20you%20to%20realize%20whether%20your%20secret%20management%20is%20ok.%20The%20challenge%20is%20to%20find%20all%20the%20different%20secrets%20by%20means%20of%20various%20tools%20and%20techniques.%20Can%20you%20solve%20all%20the%2014%20challenges%3F&trk=flagship-messaging-web&messageThreadUrn=urn:li:messagingThread:2-YmRkNjRkZTMtNjRlYS00OWNiLWI2YmUtMDYwNzY3ZjI1MDcyXzAxMg==&lipi=urn:li:page:d_flagship3_feed;J58Sgd80TdanpKWFMH6z+w==" |
| 187 | + | >Open CRE on Secrets Management</a |
| 188 | + | > |
| 189 | + | </li> |
| 190 | + | </ul> |
| 191 | + | </div> |
| 192 | + | </div> |
| 193 | + | <div class="col-12 col-lg-7"> |
| 194 | + | <div class="border border-dark thank-you"> |
| 195 | + | Wondering what a secret is? A secret is often a confidential piece of information that is |
| 196 | + | required to unlock certain functionalities or information. It can exists in many shapes or |
| 197 | + | forms, for instance: |
| 198 | + | <ul> |
| 199 | + | <li>2FA keys</li> |
| 200 | + | <li>Activation/Callback links</li> |
| 201 | + | <li>API keys</li> |
| 202 | + | <li>Credentials</li> |
| 203 | + | <li>Passwords</li> |
| 204 | + | <li>Private keys (decryption, signing, TLS, SSH, GPG)</li> |
| 205 | + | <li>Secret keys (symmetric encryption, HMAC)</li> |
| 206 | + | <li>Session cookies</li> |
| 207 | + | <li>Tokens (Session, Refresh, Authentication, Activation, etc.)</li> |
| 208 | + | </ul> |
| 209 | + | </div> |
| 210 | + | </div> |
| 211 | + | <div class="col-12 col-lg-7"> |
| 212 | + | <div class="border border-dark thank-you"> |
| 213 | + | Want to see if your tool of choice detects all the secrets available in this project? |
| 214 | + | <a |
| 215 | + | href="https://github.com/OWASP/wrongsecrets/#use-owasp-wrongsecrets-as-a-secret-detection-benchmark" |
| 216 | + | >Check the instructions in the README</a |
| 217 | + | >. |
| 218 | + | </div> |
| 219 | + | </div> |
166 | 220 | | </div> |
167 | 221 | | </div> |
168 | 222 | | </div> |
169 | | - | </div> |
170 | | - | </div> |
171 | | - | </body> |
| 223 | + | </body> |
172 | 224 | | </html> |
173 | 225 | | |