Vulnerable app with examples showing how to not use secrets
AGPL-3.0 License
Published by commjoen 4 months ago
This version is another new content & LCM release: we've added a cool and exciting challenge about Kubernetes Sealed Secrets! We upgraded to K8s 1.30, removed our dependency on Consul (fewer resources required to play!), and added a lot of automation to see if everything works the way it should. Next, we started compiling everything for Java 22. In other words: time for a big version bump!
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.8.5...1.9.0
We would like to thank @nbaars, @Shubham-Patel07, @bendehaan, and @commjoen for their hard work on this release!
Published by commjoen 6 months ago
This version is a big LCM release, where we upgraded to Java 22 and made a lot of the challenges easier to read. On top of that, we extended the end2end tests a lot and made them part of our automations, in order to catch bugs faster.
First version of java 22 moving back to temurin alpine by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1281
Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1278
Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1277
Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1276
Bump hashicorp/google from 5.18.0 to 5.22.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1296
Bump hashicorp/azurerm from 3.94.0 to 3.97.1 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1292
Bump terraform-aws-modules/eks/aws from 20.5.0 to 20.8.4 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1295
Update terraform-aws-modules/vpc/aws requirement from ~> 5.5.1 to ~> 5.7.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1294
Bump hashicorp/google-beta from 5.18.0 to 5.22.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1289
Bump aws.sdk.version from 2.25.20 to 2.25.21 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1283
Bump @commitlint/config-conventional from 19.0.3 to 19.1.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1287
Bump com.puppycrawl.tools:checkstyle from 10.14.0 to 10.15.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1298
Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 2.8.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1288
Bump terraform-aws-modules/eks/aws from 20.5.0 to 20.8.4 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1304
Bump hashicorp/azurerm from 3.94.0 to 3.97.1 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1301
Bump hashicorp/google-beta from 5.18.0 to 5.22.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1300
Bump hashicorp/google from 5.18.0 to 5.22.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1299
Bump hashicorp/aws from 5.39.1 to 5.43.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1293
Update terraform-aws-modules/vpc/aws requirement from ~> 5.5.1 to ~> 5.7.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1303
Bump asciidoctorj.version from 2.5.11 to 2.5.12 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1284
Bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.3.0 to 2.5.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1305
Bump com.google.cloud:spring-cloud-gcp-dependencies from 5.0.4 to 5.1.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1290
Bump zaproxy/action-baseline from 0.11.0 to 0.12.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1311
Bump minimatch from 9.0.3 to 9.0.4 in /js by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1285
Bump idna from 3.4 to 3.7 in /scripts/sort_contibutors by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1312
Bump azure/setup-helm from 3.5 to 4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1313
Bump colima plugin by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1317
Bump eslint-plugin-cypress from 2.15.1 to 2.15.2 in /src/test/e2e by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1342
Bump @commitlint/config-conventional from 18.6.3 to 19.2.2 in /src/test/K8s-tests by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1341
Bump eslint-plugin-cypress from 2.15.1 to 2.15.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1340
Bump @commitlint/config-conventional from 18.6.0 to 19.2.2 in /src/test/e2e by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1338
Bump hashicorp/random from 3.6.0 to 3.6.1 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1351
Bump terraform-aws-modules/eks/aws from 20.8.4 to 20.8.5 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1349
Bump hashicorp/aws from 5.43.0 to 5.45.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1348
Bump hashicorp/azurerm from 3.97.1 to 3.99.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1347
Bump hashicorp/google-beta from 5.22.0 to 5.25.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1346
Bump hashicorp/google from 5.22.0 to 5.25.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1339
Bump hashicorp/random from 3.6.0 to 3.6.1 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1328
Bump hashicorp/random from 3.6.0 to 3.6.1 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1327
Bump eslint-plugin-jest from 27.6.3 to 28.2.0 in /src/test/e2e by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1330
Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.3.1 to 4.8.4.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1344
Bump eslint-plugin-jest from 27.9.0 to 28.2.0 in /src/test/K8s-tests by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1336
Bump aws.sdk.version from 2.25.21 to 2.25.31 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1329
Bump eslint-plugin-n from 16.6.2 to 17.2.1 in /src/test/e2e by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1345
Bump eslint-plugin-n from 16.6.2 to 17.2.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1343
Bump mocha from 10.3.0 to 10.4.0 in /src/test/e2e by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1333
Bump eslint-plugin-jest from 27.9.0 to 28.2.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1331
Bump eslint-plugin-n from 16.6.2 to 17.2.1 in /src/test/K8s-tests by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1326
Bump com.github.spotbugs:spotbugs-annotations from 4.8.3 to 4.8.4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1337
Bump com.github.spotbugs:spotbugs from 4.8.3 to 4.8.4 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1334
Bump eslint from 8.56.0 to 8.57.0 in /src/test/e2e by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1355
Bump cypress from 13.6.4 to 13.7.3 in /src/test/e2e by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1354
Bump mocha from 10.3.0 to 10.4.0 in /src/test/e2e by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1353
Bump eslint-plugin-n from 16.6.2 to 17.2.1 in /src/test/e2e by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1352
Bump com.tngtech.archunit:archunit-junit5 from 1.2.1 to 1.3.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1332
Bump golang.org/x/net from 0.17.0 to 0.23.0 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1356
Bump golang.org/x/net from 0.17.0 to 0.23.0 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1357
Bump golang.org/x/net from 0.17.0 to 0.23.0 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1358
Bump @commitlint/config-conventional from 19.1.0 to 19.2.2 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1335
Bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1363
Bump org.springframework.boot:spring-boot-starter-parent from 3.2.4 to 3.2.5 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1367
Bump aws.sdk.version from 2.25.31 to 2.25.40 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1366
Bump io.gatling:gatling-maven-plugin from 4.8.2 to 4.9.0 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1364
Bump io.gatling.highcharts:gatling-charts-highcharts from 3.10.5 to 3.11.1 by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1365
Bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.4 in /aws by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1370
Bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.4 in /gcp by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1369
Bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.4 in /azure by @dependabot in https://github.com/OWASP/wrongsecrets/pull/1368
Special thanks go to @bendehaan, @commjoen, @Wind010, and @dannylloyd for their hard work on this release!
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.8.4...1.8.5
Published by commjoen 8 months ago
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.8.3...1.8.4
Special thanks to @Shubham-Patel07, @bendehaan, @za, @nbaars, and @commjoen for their hard work on this release!
Published by commjoen 9 months ago
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.8.2...1.8.3
Special thanks to @za, @commjoen, @bendehaan and @nwolniak for their hard work on this release!
Published by commjoen 9 months ago
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.8.1...1.8.2
Thanks to @nbaars, @commjoen, and @bendehaan for their hard work on this release.
Published by commjoen 9 months ago
feat: run Cypress test against pre-compiled HTML by @nbaars in https://github.com/OWASP/wrongsecrets/pull/1141
Fix Webtop again by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1146
refactor: simplify challenges when answer is fixed by @nbaars in https://github.com/OWASP/wrongsecrets/pull/1125
Fix cypress related docs by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1168
fix reporting: give junit job the right permissions by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1169
fix reporting for mochatests by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1170
Special thanks to @nbaars, @djvinnie, @bendehaan, and @commjoen for their hard work on this release!
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.8.0...1.8.1
Published by commjoen 10 months ago
This is a new major release, as we have done a very big refactor! Thank you, @nbaars, for enabling parallel challenge development!
We also migrated to Spring Boot 3.2.
Just so you know, from here on, you can remove challenges from the app relatively easily by updating the config.
Let's group the changes below:
Special thanks to @CaduRoriz, @nwolniak, @nbaars, @bendehaan, and @djvinnie for their hard work on this release!
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.7.2...1.8.0
Published by commjoen 12 months ago
LCM
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.7.1...1.7.2
Published by commjoen 12 months ago
This is the second Hacktoberfest release, with small UI updates and some very cool new challenges!
Heroku documentation update by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1024
Prep release 1.7.0 ctf party by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1025
Contributor rankings by @roddas in https://github.com/OWASP/wrongsecrets/pull/1022
Add the documentation of main.py script for contributor generation by @roddas in https://github.com/OWASP/wrongsecrets/pull/1026
Updated dockerfiles to include new challenge files and css layout by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1028
Railway documentation addition. by @alphasecio in https://github.com/OWASP/wrongsecrets/pull/1035
Cleanup by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1036
Fix menu ui on mobile by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1045
release 1.7.1 final fixes (ui and contributors), minor node update by @commjoen in https://github.com/OWASP/wrongsecrets/pull/1047
We would like to thank @adarsh-a-tw, @alphasecio, @commjoen, @bendehaan, @mikewoudenberg, and @roddas for their hard work on this release!
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.7.0...1.7.1
Published by commjoen about 1 year ago
This is another big release as part of Hacktoberfest, and we have loads of great news:
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.10...1.7.0
Special thanks to @roddas, @nbaars, @bendehaan, @drnow4u, @RemakingEden, and @commjoen for their hard work on this release!
Published by commjoen about 1 year ago
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.9...1.6.10
Special thanks to @djvinnie, @nbaars, @bendehaan, and @commjoen for their work on this release!
Published by commjoen about 1 year ago
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.8...1.6.9
Special thanks to @bendehaan, @commjoen, and @djvinnie for their hard work on this release!
Published by commjoen about 1 year ago
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.7...1.6.8
Special thanks to @bendehaan and @commjoen for their hard work on this release!
Published by commjoen about 1 year ago
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.6...1.6.7
Thanks to @commjoen for his hard work on this release!
Published by commjoen over 1 year ago
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.5...1.6.6
We would like to thank @commjoen and @bendehaan for their hard work on this release.
Published by commjoen over 1 year ago
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.4...1.6.5
We would like to thank @bendehaan, @RemakingEden, @nbaars, @MarcinNowak-codes, @commjoen, and @devsecops
Published by commjoen over 1 year ago
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.3...1.6.4
Special thanks to @nbaars, @bendehaan, @Novice-expert, @puneeth072003, @commjoen, @mikewoudenberg, and @h43z for their hard work on this release!
Published by commjoen over 1 year ago
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.2...1.6.3
Special thanks to @commjoen and @nbaars for their hard work on this release!
Published by commjoen over 1 year ago
This is a big documentation update, with which we are now at 100% passing of the OpenSSF: .
Next, we have a new challenge added, and are preparing to add a few more in a couple of weeks ;-).
Special thanks to @bendehaan, @puneeth072003, @szh, @turjoc120, @nbaars, and @commjoen for their hard work on this release!
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.1...1.6.2
Published by commjoen over 1 year ago
Special thanks to @bendehaan, @puneeth072003, @nbaars, and @commjoen for making this release a reality!
Full Changelog: https://github.com/OWASP/wrongsecrets/compare/1.6.0...1.6.1