Home
OWASP WrongSecrets is a deliberately insecure application focused on secret management.
In this app, we have packed various ways showing you how to not store your secrets. The challenge is to find all the different secrets in multiple environments by means of various tools and techniques.
Our aim is to provide you with some knowledge so that you can improve your own secret management.
Good luck!
The WrongSecrets Team
Need support? Contact us via OWASP Slack (sign up here), file a PR, file an issue, or use discussions. Please note that this is an OWASP volunteer-based project, so it might take a little while before we respond.