OWASP WrongSecrets

OWASP WrongSecrets, an intentionally vulnerable web application focused on secret management hygiene.

Deploy on Railway

OWASP WrongSecrets is an open-source intentionally vulnerable web application focused on secret management hygiene. It is designed to help developers and security professionals better understand the risks associated with poor or weak secret management practices. It can be used in security trainings, awareness demos, capture-the-flag events, testing secret detection tools, and honing your web application security skills in general.

Learn more: