Skip to content

Penetration Testing Tools

Search for:

Home
Data Forensics
Ethical Hacking
Mobile Hacking
Network Attacks
Vulnerability Assessment
Web AppSec
OSINT
Code Assessment
Malware Offense
IoT
Cryptography
Arsenal Lab
Hardware/Embedded
Malware Defense
Network Defense
Reverse Engineering
Smart Grid/Industrial Security

Home
Data Forensics
Ethical Hacking
Mobile Hacking
Network Attacks
Vulnerability Assessment
Web AppSec
OSINT
Code Assessment
Malware Offense
IoT
Cryptography
Arsenal Lab
Hardware/Embedded
Malware Defense
Network Defense
Reverse Engineering
Smart Grid/Industrial Security

Search for:

Penetration Testing Tools

Arsenal Lab / Web AppSec

OWASP WrongSecrets: Secrets Management-focused vulnerable app

by ddos · September 20, 2024

OWASP WrongSecrets

Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management is ok. The challenge is to find all the different secrets by means of various tools and techniques.

It can be used in security training, awareness demos, as a test environment for secret detection tools, and bad practice detection tooling.

Wondering what a secret is? A secret is often a confidential piece of information that is required to unlock certain functionalities or information. It can exist in many shapes or forms, for instance:

2FA keys
Activation/Callback links

API keys
Credentials
Passwords

Private keys (decryption, signing, TLS, SSH, GPG)
Secret keys (symmetric encryption, HMAC)
Session cookies

Tokens (Session, Refresh, Authentication, Activation, etc.)

Install

Copyright (c) 2020-2022 Jeroen Willemsen and WrongSecret contributors.

Share

Tags: OWASP WrongSecrets

Follow:

Next story SCCM HTTP Looter: Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares
Previous story nightingale: enterprise-level cloud-native monitoring system

Search

MAKE THE WEBSITE ONLINE

Popular Posts
Tags

Ethical Hacking

SCCM HTTP Looter: Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares

September 20, 2024
Vulnerability Assessment

django-DefectDojo: application vulnerability correlation & security orchestration application

August 21, 2024
Vulnerability Assessment

ciscoconfparse: Parse, Audit, Query, Build, and Modify Cisco IOS-style configurations

August 21, 2024
OSINT - Open Source Intelligence

Ominis-OSINT Web Hunter: Open Source Intelligence Tool

August 21, 2024
Network Defense

CrowdSec: Real-time & crowdsourced protection against aggressive IPs

August 22, 2024

Amazon AMD Android Apple ARM Artificial intelligence ASRock Asus ChatGPT chrome facebook Firefox Gigabyte google Google Chrome hacker Huawei Intel Lenovo LG Linux Linux Kernel MediaTek Meta Micron Microsoft microsoft edge MSI Nvidia OpenAI PlayStation 5 Qualcomm ransomware Samsung SK Hynix Sony Steam Deck TSMC vulnerability windows Windows 7 Windows 10 Windows 10X Windows 11 Xbox

Reward

Brilliantly

SAFE!

meterpreter.org

Content & Links

Verified by Sur.ly

2022

Home
About Us
Contact Us
DMCA NOTICE
Privacy Policy

Penetration Testing Tools © 2024. All Rights Reserved.

x