You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,7 +15,7 @@
15
15
16
16
Welcome to the OWASP WrongSecrets game! The game is packed with real life examples of how to _not_ store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes & can help you to reflect on your own secrets management strategy.
17
17
18
-
Can you solve all the 34 challenges?
18
+
Can you solve all the 35 challenges?
19
19
20
20
Try some of them on [our Heroku demo environment](https://wrongsecrets.herokuapp.com/).
For the basic docker exercises you currently require:
77
77
@@ -129,7 +129,7 @@ You can test them out at [https://wrongsecrets.fly.dev](https://wrongsecrets.fly
129
129
130
130
## Basic K8s exercise
131
131
132
-
_Can be used for challenges 1-6, 8, 12-34_
132
+
_Can be used for challenges 1-6, 8, 12-35_
133
133
134
134
### Minikube based
135
135
@@ -186,7 +186,7 @@ Don't want to go over the hassle of setting up K8S yourself? visit [https://wron
186
186
187
187
## Vault exercises with minikube
188
188
189
-
_Can be used for challenges 1-8, 12-34_
189
+
_Can be used for challenges 1-8, 12-35_
190
190
Make sure you have the following installed:
191
191
192
192
- minikube with docker (or comment out line 8 and work at your own k8s setup),
@@ -197,14 +197,14 @@ Make sure you have the following installed:
197
197
- vault [Install from here](https://www.vaultproject.io/downloads),
198
198
- grep, Cat, and Sed
199
199
200
-
Run `./k8s-vault-minkube-start.sh`, when the script is done, then the challenges will wait for you at <http://localhost:8080> . This will allow you to run challenges 1-8, 12-33.
200
+
Run `./k8s-vault-minkube-start.sh`, when the script is done, then the challenges will wait for you at <http://localhost:8080> . This will allow you to run challenges 1-8, 12-35.
201
201
202
202
When you stopped the `k8s-vault-minikube-start.sh` script and want to resume the port forward run: `k8s-vault-minikube-resume.sh`.
203
203
This is because if you run the start script again it will replace the secret in the vault and not update the secret-challenge application with the new secret.
204
204
205
205
## Cloud Challenges
206
206
207
-
_Can be used for challenges 1-34_
207
+
_Can be used for challenges 1-35_
208
208
209
209
**READ THIS**: Given that the exercises below contain IAM privilege escalation exercises,
210
210
never run this on an account which is related to your production environment or can influence your account-over-arching
0 commit comments