diff --git a/README.md b/README.md index a943ebe14..cfdaa70a2 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ Welcome to the OWASP WrongSecrets game! The game is packed with real life examples of how to _not_ store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes & can help you to reflect on your own secrets management strategy. -Can you solve all the 45 challenges? +Can you solve all the 46 challenges? Try some of them on [our Heroku demo environment](https://wrongsecrets.herokuapp.com/). @@ -140,11 +140,14 @@ Want to deploy yourself with Render? Click the button below: [![Deploy to Render](https://render.com/images/deploy-to-render-button.svg)](https://render.com/deploy?repo=https://github.com/OWASP/wrongsecrets) + ### Running these on Railway *status: maintained by [alphasec.io](https://github.com/alphasecio)* If you want to host WrongSecrets on Railway, you can do so by deploying [this one-click template](https://railway.app/new/template/7pnwRj). Railway does not offer an always-free plan anymore, but the free trial is good enough to test-drive this before you decide to upgrade. If you need a step-by-step companion guide, see [this blog post](https://alphasec.io/test-your-secret-management-skills-with-owasp-wrongsecrets/). +[![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/new/template/7pnwRj) + ## Basic K8s exercise _Can be used for challenges 1-6, 8, 12-43_ @@ -198,7 +201,7 @@ now you can use the provided IP address and port to further play with the K8s va ## Vault exercises with minikube -_Can be used for challenges 1-8, 12-45_ +_Can be used for challenges 1-8, 12-46_ Make sure you have the following installed: - minikube with docker (or comment out line 8 and work at your own k8s setup), 
@@ -209,14 +212,14 @@ Make sure you have the following installed: - vault [Install from here](https://www.vaultproject.io/downloads), - grep, Cat, and Sed -Run `./k8s-vault-minkube-start.sh`, when the script is done, then the challenges will wait for you at . This will allow you to run challenges 1-8, 12-35. +Run `./k8s-vault-minkube-start.sh`, when the script is done, then the challenges will wait for you at . This will allow you to run challenges 1-8, 12-46. When you stopped the `k8s-vault-minikube-start.sh` script and want to resume the port forward run: `k8s-vault-minikube-resume.sh`. This is because if you run the start script again it will replace the secret in the vault and not update the secret-challenge application with the new secret. ## Cloud Challenges -_Can be used for challenges 1-45_ +_Can be used for challenges 1-46_ **READ THIS**: Given that the exercises below contain IAM privilege escalation exercises, never run this on an account which is related to your production environment or can influence your account-over-arching @@ -283,9 +286,9 @@ Contributors: - [Tibor Hercz @tiborhercz](https://www.github.com/tiborhercz) - [Chris Elbring Jr. @neatzsche](https://www.github.com/neatzsche) - [Diamond Rivero @diamant3](https://www.github.com/diamant3) +- [Norbert Wolniak @nwolniak](https://www.github.com/nwolniak) - [Adarsh A @adarsh-a-tw](https://www.github.com/adarsh-a-tw) - [Filip Chyla @fchyla](https://www.github.com/fchyla) -- [Norbert Wolniak @nwolniak](https://www.github.com/nwolniak) - [Turjo Chowdhury @turjoc120](https://www.github.com/turjoc120) - [Vineeth Jagadeesh @djvinnie](https://www.github.com/djvinnie) - [Dmitry Litosh @Dlitosh](https://www.github.com/Dlitosh) 
@@ -295,8 +298,8 @@ Contributors: - [Madhu Akula @madhuakula](https://www.github.com/madhuakula) - [Mike Woudenberg @mikewoudenberg](https://www.github.com/mikewoudenberg) - [Spyros @northdpole](https://www.github.com/northdpole) -- [RubenAtBinx @RubenAtBinx](https://www.github.com/RubenAtBinx) - [za @za](https://www.github.com/za) +- [RubenAtBinx @RubenAtBinx](https://www.github.com/RubenAtBinx) - [Alex Bender @alex-bender](https://www.github.com/alex-bender) - [Nicolas Humblot @nhumblot](https://www.github.com/nhumblot) - [Rick M @kingthorin](https://www.github.com/kingthorin) @@ -331,10 +334,6 @@ We would like to thank the following parties for helping us out: [Jetbrains](https://www.jetbrains.com/) for licensing an instance of Intellij IDEA Ultimate edition to the project leads. We could not have been this fast with the development without it! -[![docker_logo.png](images/docker_logo.png)](https://www.docker.com) - -[Docker](https://www.docker.com) for granting us their Docker Open Source Sponsored program. - [![1password_logo.png](images/1password_logo.png)](https://github.com/1Password/1password-teams-open-source/pull/552) [1Password](https://1password.com/) for granting us an open source license to 1Password for the secret detection testbed.
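Review bot: In the README.md hunk at `@@ -140,11 +140,14 @@`, the added `[![Deploy on Railway](https://railway.app/button.svg)]` button points at the template `https://railway.app/new/template/7pnwRj`, which the status line attributes to alphasec.io, while the Render button just above deploys from `repo=https://github.com/OWASP/wrongsecrets`. A one-click button hides what is actually deployed, so please add a sentence next to it stating which repository or image the template pulls and whether it tracks this repository's releases.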
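Review bot: The hunk at `@@ -198,7 +201,7 @@` raises the Vault exercise range to `1-8, 12-46`, but the Basic K8s exercise line visible as context in the preceding hunk still reads `_Can be used for challenges 1-6, 8, 12-43_`. Please confirm that challenges 44 to 46 cannot be played on the basic K8s setup; if any of them can, that line needs the same update in this patch.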
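Review bot: In the hunk at `@@ -209,14 +212,14 @@`, the rewritten `Run` line keeps the script name as `./k8s-vault-minkube-start.sh`, while the next paragraph refers to `k8s-vault-minikube-start.sh` and `k8s-vault-minikube-resume.sh`; since the line is being touched anyway, make the spellings match the actual file name so a copy-paste works. The resume command is also given without the `./` prefix used for the start script. The old text said `12-35` when the section heading already said `12-45`, which shows these hard-coded ranges drift; consider stating the range once per section instead of twice.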
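Review bot: The contributor hunks at `@@ -283,9 +286,9 @@` and `@@ -295,8 +298,8 @@` only move existing entries (`@nwolniak` up, `@RubenAtBinx` down) and add no one, which is unrelated to the challenge-count change in the rest of the patch. If the list is regenerated by a script, say so in the commit message; otherwise drop these reorderings to keep the diff limited to the new challenge.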
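Review bot: The hunk at `@@ -331,10 +334,6 @@` deletes the Docker acknowledgement and its `images/docker_logo.png` reference without any explanation in the visible change, and it is bundled with an update from 45 to 46 challenges. Please state the reason for removing the sponsor entry in the commit message or split it into its own commit, and remove `images/docker_logo.png` from the repository in the same change if nothing else references it.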