Welcome to OWASP WrongSecrets. With this app, we hope you will re-evaluate your secrets management strategy.
For each of the challenges below: try to find the secret! Enter it in the `Answer to solution` box and score points! Note that some challenges require this app to run on additional infrastructure (see in the table below).
# | Challenge | Focus | Difficulty | Runs on environment (current: Heroku) | Solved |
---|---|---|---|---|---|
0 | Challenge 0 | Intro | ★☆☆☆☆ | Docker | |
1 | Challenge 1 | Git | ★☆☆☆☆ | Docker | |
2 | Challenge 2 | Git | ★☆☆☆☆ | Docker | |
3 | Challenge 3 | Docker | ★☆☆☆☆ | Docker | |
4 | Challenge 4 | Docker | ★★☆☆☆ | Docker | |
5 | Challenge 5 | Configmaps | ★★☆☆☆ | K8s | |
6 | Challenge 6 | Secrets | ★★☆☆☆ | K8s | |
7 | Challenge 7 | Vault | ★★★★☆ | K8s with Vault | |
8 | Challenge 8 | Logging | ★★☆☆☆ | Docker | |
9 | Challenge 9 | Terraform | ★★★☆☆ | AWS, GCP, Azure | |
10 | Challenge 10 | CSI-Driver | ★★★★☆ | AWS, GCP, Azure | |
11 | Challenge 11 | IAM privilege escalation | ★★★★☆ | AWS, GCP, Azure | |
12 | Challenge 12 | Docker | ★★★☆☆ | Docker | |
13 | Challenge 13 | CI/CD | ★★★☆☆ | Docker | |
14 | Challenge 14 | Password Manager | ★★★★☆ | Docker | |
15 | Challenge 15 | Git | ★★☆☆☆ | Docker | |
16 | Challenge 16 | Front-end | ★★★☆☆ | Docker | |
17 | Challenge 17 | Docker | ★★★☆☆ | Docker | |
18 | Challenge 18 | Cryptography | ★★★★★ | Docker | |
19 | Challenge 19 | Binary | ★★★★☆ | Docker | |
20 | Challenge 20 | Binary | ★★★★☆ | Docker | |
21 | Challenge 21 | Binary | ★★★★★ | Docker | |
22 | Challenge 22 | Binary | ★★★★★ | Docker | |
23 | Challenge 23 | Front-end | ★☆☆☆☆ | Docker | |
24 | Challenge 24 | Cryptography | ★★☆☆☆ | Docker | |
25 | Challenge 25 | Web3 | ★★☆☆☆ | Docker | |
26 | Challenge 26 | Web3 | ★★☆☆☆ | Docker | |
27 | Challenge 27 | Web3 | ★★☆☆☆ | Docker | |
28 | Challenge 28 | Documentation | ★☆☆☆☆ | Docker | |
29 | Challenge 29 | Documentation | ★☆☆☆☆ | Docker | |
30 | Challenge 30 | Front-end | ★★☆☆☆ | Docker | |
31 | Challenge 31 | Front-end | ★☆☆☆☆ | Docker | |
32 | Challenge 32 | AI | ★★☆☆☆ | Docker | |
33 | Challenge 33 | Secrets | ★★☆☆☆ | K8s | |
34 | Challenge 34 | Cryptography | ★★☆☆☆ | Docker | |
35 | Challenge 35 | Documentation | ★☆☆☆☆ | Docker | |
36 | Challenge 36 | Binary | ★★★★★ | Docker | |
37 | Challenge 37 | CI/CD | ★★☆☆☆ | Docker | |
38 | Challenge 38 | Git | ★☆☆☆☆ | Docker | |
39 | Challenge 39 | Cryptography | ★☆☆☆☆ | Docker | |
40 | Challenge 40 | Cryptography | ★☆☆☆☆ | Docker | |
41 | Challenge 41 | Cryptography | ★★★☆☆ | Docker | |
42 | Challenge 42 | Logging | ★★☆☆☆ | Docker | |
43 | Challenge 43 | Documentation | ★☆☆☆☆ | Docker | |
44 | Challenge 44 | Vault | ★★★★☆ | K8s with Vault | |
45 | Challenge 45 | Vault | ★★★★☆ | K8s with Vault | |
46 | Challenge 46 | Vault | ★★★★☆ | K8s with Vault | |
47 | Challenge 47 | Vault | ★★☆☆☆ | K8s with Vault | |
48 | Challenge 48 | Secrets | ★★☆☆☆ | K8s | |
49 | Challenge 49 | Cryptography | ★★★☆☆ | Docker | |
50 | Challenge 50 | Binary | ★★☆☆☆ | Docker |
Total score: 0
Hasty? Here is the Vault secret;-)