OWASP WrongSecrets

Free

Welcome to the OWASP WrongSecrets game! The game is packed with real-life examples of how not to store secrets in your software. Each challenge helps you recognize common mistakes in secrets management and reflect on your own strategy. Play the challenges on Heroku, Render.io, Railway, Minikube, AWS, GCP, Azure, or your own cloud environment.

FEATURES

The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.

ALTERNATIVES

Blackhat Conference Presentation Slides

A repository of cybersecurity conference presentation slides from Black Hat, Offensivecon, and REcon.

Free

Resources

Nessus Cheat Sheet

A comprehensive guide to Nessus, a vulnerability scanner, covering data directories, binary directories, logs directories, plugin directories, advanced settings, API, and good practices.

Free

Resources

Universal Book Links

Find books at your favorite store and stay updated on new features with Universal Book Links.

Free

Resources

0xf.at Hackits

Solve password-riddles on a website without logins or ads.

Free

Resources

Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder

A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.

Free

Resources

Cryptopals Crypto Challenges

Interactive challenges demonstrating attacks on real-world cryptography.

Free

Resources

Modern Binary Exploitation - CSCI 4968

A university course focused on vulnerability research, reverse engineering, and binary exploitation to teach practical offensive security skills.

Free

Resources

pwntools-write-ups

A collection of CTF write-ups using pwntools

Free

Resources

PINNED

InfoSecHired

An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Resources

Mandos Brief Newsletter

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Resources

CTIChef.com Detection Feeds

A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

Threat Management

ImmuniWeb® Discovery

ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Attack Surface Management

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security