From a4ddfbbfc6e8bd1f6f4a4b45cbf6c56bbce92141 Mon Sep 17 00:00:00 2001
From: Jeroen Willemsen
Date: Thu, 31 Oct 2024 21:25:50 +0100
Subject: [PATCH] fix url for challenge 51

---
 src/main/resources/explanations/challenge51.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/resources/explanations/challenge51.adoc b/src/main/resources/explanations/challenge51.adoc
index d66b82957..d31bc34d0 100644
--- a/src/main/resources/explanations/challenge51.adoc
+++ b/src/main/resources/explanations/challenge51.adoc
@@ -1,6 +1,6 @@ === Exposed Docker Secrets Challenge -In this challenge, you will explore the importance of securely managing sensitive information using Docker secrets in a https://github.com/OWASP/wrongsecrets/blob/775648678a60e57faa8c3fc0799ce1526f4b0f42/src/main/resources/challenges/challenge-51/Dockerfile_challenge51[Docker Compose file]. Docker secrets are intended to safely transmit and store sensitive data like passwords, API keys, and certificates within Docker services. However, improper handling or misconfigurations can inadvertently expose these secrets, leading to potential security risks. +In this challenge, you will explore the importance of securely managing sensitive information using Docker secrets in a https://raw.githubusercontent.com/OWASP/wrongsecrets/refs/heads/master/src/main/resources/challenges/challenge-51/challenge51docker-compose.yml[Docker Compose file]. Docker secrets are intended to safely transmit and store sensitive data like passwords, API keys, and certificates within Docker services. However, improper handling or misconfigurations can inadvertently expose these secrets, leading to potential security risks. *Acme Inc.*, a rapidly growing e-commerce platform, has recently experienced suspicious activities suggesting that sensitive customer data might have been compromised. An internal audit reveals that a developer inadvertently exposed database credentials by keeping secretfiles in repository and pushing it to a public Git repository. Additionally, the application was not utilizing Docker secrets effectively, leading to plaintext exposure of sensitive information within running containers.
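Review bot: the replacement link on the `+` line targets the moving ref `refs/heads/master`, whereas the link it replaces was pinned to commit `775648678a60e57faa8c3fc0799ce1526f4b0f42`. A branch ref follows every later edit to `challenge51docker-compose.yml` and breaks if the file is renamed or moved, so the explanation text can drift from the file it describes. Suggest a commit-pinned permalink to the compose file instead. The same line also switches from the `github.com/.../blob/` view to `raw.githubusercontent.com`, which serves the file as plain text without line anchors; keep that only if the raw view is what readers should land on. Minor, in the unchanged context of the same hunk: "keeping secretfiles in repository and pushing it to a public Git repository" reads awkwardly and could be tidied while this file is being touched.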