OWASP WrongSecrets
OWASP WrongSecrets is the first Secrets Management-focused vulnerable/p0wnable app! It can be used in security trainings, awareness demos, as a test environment for secret detection tools, and bad practice detection tooling.
Description
WrongSecrets is based on Java, Docker, Terraform, and a bit of scripting fun. It contains more than 10 exercises with various “hidden” secrets - which you need to find.
Contributors
Leaders:
Top contributors:
Special mentions for helping out:
Actual contributors at this point in time.
Licensing
This program is free software: You can redistribute it and/or modify it under the terms of the MIT License. OWASP Juice Shop and any contributions are Copyright © by Jeroen Willemsen & the OWASP WrongSecrets contributors 2020-2021.
Overview
The application can best be run in a Docker container as part of a K8s cluster. Some challenges are unique to specific public clouds (AWS only for now). More overview details will follow later. Consult the GitHub repo readme for more information.