Welcome

Welcome to OWASP WrongSecrets. With this app, we hope you will re-evaluate your secrets management strategy.


For each of the challenges below: try to find the secret! Enter it in the `Answer to solution` box and score points! Note that some challenges require this app to run on additional infrastructure (see the table below).

| # | Challenge | Focus | Difficulty | Runs on environment (current: Heroku) | Solved |
|---|-----------|-------|------------|---------------------------------------|--------|
| 0 | Challenge 0 | Intro | ★☆☆☆☆ | Docker | |
| 1 | Challenge 1 | Git | ★☆☆☆☆ | Docker | |
| 2 | Challenge 2 | Git | ★☆☆☆☆ | Docker | |
| 3 | Challenge 3 | Docker | ★☆☆☆☆ | Docker | |
| 4 | Challenge 4 | Docker | ★★☆☆☆ | Docker | |
| 5 | Challenge 5 | Configmaps | ★★☆☆☆ | K8s | |
| 6 | Challenge 6 | Secrets | ★★☆☆☆ | K8s | |
| 7 | Challenge 7 | Vault | ★★★★☆ | K8s with Vault | |
| 8 | Challenge 8 | Logging | ★★☆☆☆ | Docker | |
| 9 | Challenge 9 | Terraform | ★★★☆☆ | AWS, GCP, Azure | |
| 10 | Challenge 10 | CSI-Driver | ★★★★☆ | AWS, GCP, Azure | |
| 11 | Challenge 11 | IAM privilege escalation | ★★★★☆ | AWS, GCP, Azure | |
| 12 | Challenge 12 | Docker | ★★★☆☆ | Docker | |
| 13 | Challenge 13 | CI/CD | ★★★☆☆ | Docker | |
| 14 | Challenge 14 | Password Manager | ★★★★☆ | Docker | |
| 15 | Challenge 15 | Git | ★★☆☆☆ | Docker | |
| 16 | Challenge 16 | Front-end | ★★★☆☆ | Docker | |
| 17 | Challenge 17 | Docker | ★★★☆☆ | Docker | |
| 18 | Challenge 18 | Cryptography | ★★★★★ | Docker | |
| 19 | Challenge 19 | Binary | ★★★★☆ | Docker | |
| 20 | Challenge 20 | Binary | ★★★★☆ | Docker | |
| 21 | Challenge 21 | Binary | ★★★★★ | Docker | |
| 22 | Challenge 22 | Binary | ★★★★★ | Docker | |
| 23 | Challenge 23 | Front-end | ★☆☆☆☆ | Docker | |
| 24 | Challenge 24 | Cryptography | ★★☆☆☆ | Docker | |
| 25 | Challenge 25 | Web3 | ★★☆☆☆ | Docker | |
| 26 | Challenge 26 | Web3 | ★★☆☆☆ | Docker | |
| 27 | Challenge 27 | Web3 | ★★☆☆☆ | Docker | |
| 28 | Challenge 28 | Documentation | ★☆☆☆☆ | Docker | |
| 29 | Challenge 29 | Documentation | ★☆☆☆☆ | Docker | |
| 30 | Challenge 30 | Front-end | ★★☆☆☆ | Docker | |
| 31 | Challenge 31 | Front-end | ★☆☆☆☆ | Docker | |
| 32 | Challenge 32 | AI | ★★☆☆☆ | Docker | |
| 33 | Challenge 33 | Secrets | ★★☆☆☆ | K8s | |
| 34 | Challenge 34 | Cryptography | ★★☆☆☆ | Docker | |
| 35 | Challenge 35 | Documentation | ★☆☆☆☆ | Docker | |
| 36 | Challenge 36 | Binary | ★★★★★ | Docker | |
| 37 | Challenge 37 | CI/CD | ★★☆☆☆ | Docker | |
| 38 | Challenge 38 | Git | ★☆☆☆☆ | Docker | |
| 39 | Challenge 39 | Cryptography | ★☆☆☆☆ | Docker | |
| 40 | Challenge 40 | Cryptography | ★☆☆☆☆ | Docker | |
| 41 | Challenge 41 | Cryptography | ★★★☆☆ | Docker | |
| 42 | Challenge 42 | Logging | ★★☆☆☆ | Docker | |
| 43 | Challenge 43 | Documentation | ★☆☆☆☆ | Docker | |
| 44 | Challenge 44 | Vault | ★★★★☆ | K8s with Vault | |
| 45 | Challenge 45 | Vault | ★★★★☆ | K8s with Vault | |
| 46 | Challenge 46 | Vault | ★★★★☆ | K8s with Vault | |

Total score: 0

Hasty? Here is the Vault secret;-)

Wondering what a secret is? A secret is often a confidential piece of information that is required to unlock certain functionalities or information. It can exist in many shapes or forms, for instance:
  • 2FA keys
  • Activation/Callback links
  • API keys
  • Credentials
  • Passwords
  • Private keys (decryption, signing, TLS, SSH, GPG)
  • Secret keys (symmetric encryption, HMAC)
  • Session cookies
  • Tokens (Session, Refresh, Authentication, Activation, etc.)

Want to see if your tool of choice detects all the secrets available in this project?
Check the instructions in the README.
Developing our solution in 3 clouds costs money. Want to help us to cover our cloud bills? Donate.