From a9db23d150f36e27ebc07f371c6828b043c90861 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Thu, 10 Oct 2024 23:07:37 +0200 Subject: [PATCH] Update README.md with nr of challenges --- README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 7b14f8307..709df8b71 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Welcome to the OWASP WrongSecrets game! The game is packed with real life examples of how to _not_ store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes & can help you to reflect on your own secrets management strategy. -Can you solve all the 48 challenges? +Can you solve all the 50 challenges? Try some of them on [our Heroku demo environment](https://wrongsecrets.herokuapp.com/). @@ -74,7 +74,7 @@ Copyright (c) 2020-2024 Jeroen Willemsen and WrongSecrets contributors. ## Basic docker exercises -_Can be used for challenges 1-4, 8, 12-32, 34, 35-43_ +_Can be used for challenges 1-4, 8, 12-32, 34, 35-43, 49-50_ For the basic docker exercises you currently require: @@ -125,6 +125,8 @@ Now you can try to find the secrets by means of solving the challenge offered at - [localhost:8080/challenge/challenge-41](http://localhost:8080/challenge/challenge-41) - [localhost:8080/challenge/challenge-42](http://localhost:8080/challenge/challenge-42) - [localhost:8080/challenge/challenge-43](http://localhost:8080/challenge/challenge-43) +- [localhost:8080/challenge/challenge-43](http://localhost:8080/challenge/challenge-49) +- [localhost:8080/challenge/challenge-43](http://localhost:8080/challenge/challenge-50) Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look better ;-). @@ -152,7 +154,7 @@ If you want to host WrongSecrets on Railway, you can do so by deploying [this on ## Basic K8s exercise -_Can be used for challenges 1-6, 8, 12-43, 48_ +_Can be used for challenges 1-6, 8, 12-43, 48-50_ ### Minikube based @@ -227,7 +229,7 @@ now you can use the provided IP address and port to further play with the K8s va ## Vault exercises with minikube -_Can be used for challenges 1-8, 12-48_ +_Can be used for challenges 1-8, 12-50_ Make sure you have the following installed: - minikube with docker (or comment out line 8 and work at your own k8s setup), @@ -245,7 +247,7 @@ This is because if you run the start script again it will replace the secret in ## Cloud Challenges -_Can be used for challenges 1-48_ +_Can be used for challenges 1-50_ **READ THIS**: Given that the exercises below contain IAM privilege escalation exercises, never run this on an account which is related to your production environment or can influence your account-over-arching