Skip to content

Penetration Testing Tools

Search for:

Home
Data Forensics
Ethical Hacking
Mobile Hacking
Network Attacks
Vulnerability Assessment
Web AppSec
OSINT
Code Assessment
Malware Offense
IoT
Cryptography
Arsenal Lab
Hardware/Embedded
Malware Defense
Network Defense
Reverse Engineering
Smart Grid/Industrial Security

Home
Data Forensics
Ethical Hacking
Mobile Hacking
Network Attacks
Vulnerability Assessment
Web AppSec
OSINT
Code Assessment
Malware Offense
IoT
Cryptography
Arsenal Lab
Hardware/Embedded
Malware Defense
Network Defense
Reverse Engineering
Smart Grid/Industrial Security

Search for:

Penetration Testing Tools

Arsenal Lab / Web AppSec

OWASP WrongSecrets: Secrets Management-focused vulnerable app

by ddos · September 20, 2024

OWASP WrongSecrets

Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management is ok. The challenge is to find all the different secrets by means of various tools and techniques.

It can be used in security training, awareness demos, as a test environment for secret detection tools, and bad practice detection tooling.

Wondering what a secret is? A secret is often a confidential piece of information that is required to unlock certain functionalities or information. It can exist in many shapes or forms, for instance:

2FA keys
Activation/Callback links

API keys
Credentials
Passwords

Private keys (decryption, signing, TLS, SSH, GPG)
Secret keys (symmetric encryption, HMAC)
Session cookies

Tokens (Session, Refresh, Authentication, Activation, etc.)

Install

Copyright (c) 2020-2022 Jeroen Willemsen and WrongSecret contributors.

Share

Tags: OWASP WrongSecrets

Follow:

Next story SCCM HTTP Looter: Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares
Previous story nightingale: enterprise-level cloud-native monitoring system

Search

MAKE THE WEBSITE ONLINE

Popular Posts
Tags

Ethical Hacking / Malware Offense

Ghost: Evasive shellcode loader

November 17, 2024
Malware Defense

phpMussel: PHP-based anti-virus anti-trojan anti-malware solution

October 18, 2024
Ethical Hacking

Beyond EXE: A PoC Exploring Code Execution Flexibility

October 18, 2024
Data Forensics

MemProcFS: The Memory Process File System

October 19, 2024
Vulnerability Assessment

Adversarial Robustness Toolbox: crafting and analysis of attacks and defense methods for machine learning models

October 19, 2024

Amazon AMD Android Apple ARM Artificial intelligence ASRock Asus ChatGPT chrome facebook Firefox Gigabyte Github google Google Chrome hacker Huawei Intel Lenovo LG Linux Linux Kernel MediaTek Meta Microsoft microsoft edge MSI Nvidia OpenAI PlayStation 5 Qualcomm ransomware Samsung SK Hynix Sony Steam Deck TSMC vulnerability windows Windows 7 Windows 10 Windows 10X Windows 11 Xbox

Reward

Brilliantly

SAFE!

meterpreter.org

Content & Links

Verified by Sur.ly

2022

Home
About Us
Contact Us
DMCA NOTICE
Privacy Policy

Penetration Testing Tools © 2024. All Rights Reserved.

x