From 32aa0b9450b87485c28c32ff3d0c70e8d91d2105 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Thu, 31 Mar 2022 08:53:48 +0200 Subject: [PATCH] Update README.md to add OWASP WrongSecrets --- README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 80f08f8..8f588c8 100644 --- a/README.md +++ b/README.md 
@@ -155,11 +155,12 @@ And don't forget to **bookmark AWS Security bulletin** for new vulnerabilities n 3. [Flaws2 focuses on AWS security concepts through various challenge levels](http://flaws2.cloud/) 4. [CloudGoat By Rhino Security Labs](https://github.com/RhinoSecurityLabs/cloudgoat) - Vulnerable by Design AWS infrastructure setup tool 5. [OWASP ServerlessGoat](https://github.com/OWASP/Serverless-Goat) - OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application maintained by OWASP for educational purposes. -6. [AWS S3 CTF Challenges with solutions](https://n0j.github.io/2017/10/02/aws-s3-ctf.html) -7. [AWS CTF with practical scenario](https://r00tz-ctf.awssecworkshops.com/) -8. [Breaking and Pwning Apps and Servers on AWS and Azure by AppSecCo](https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training) - The training covers a multitude of scenarios taken from our vulnerability assessment, penetration testing and OSINT engagements which take the student through the journey of discovery, identification and exploitation of security weaknesses, misconfigurations and poor programming practices that can lead to complete compromise of the cloud infrastructure. -9. [AWS Workshop official](https://awsworkshop.io/) - This is not exactly security part, but would be helpful to understand AWS with this workshop examples. -10. [AWS Security Workshops](https://awssecworkshops.com/) by AWS +6. [OWASP WrongSecrets](https://github.com/commjoen/wrongsecrets) - OWASP WrongSecrets is a vulnerable app which shows you how to not store secrets. It covers code, Docker, Kubernetes, and AWS cloud bad practices. +7. [AWS S3 CTF Challenges with solutions](https://n0j.github.io/2017/10/02/aws-s3-ctf.html) +8. [AWS CTF with practical scenario](https://r00tz-ctf.awssecworkshops.com/) +9. 
[Breaking and Pwning Apps and Servers on AWS and Azure by AppSecCo](https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training) - The training covers a multitude of scenarios taken from our vulnerability assessment, penetration testing and OSINT engagements which take the student through the journey of discovery, identification and exploitation of security weaknesses, misconfigurations and poor programming practices that can lead to complete compromise of the cloud infrastructure. +10. [AWS Workshop official](https://awsworkshop.io/) - This is not exactly security part, but would be helpful to understand AWS with this workshop examples. +11. [AWS Security Workshops](https://awssecworkshops.com/) by AWS ## AWS Security Bulletin Important Issues 1. [Container Networking Security Issue ([CVE-2020-8558])](https://nvd.nist.gov/vuln/detail/CVE-2020-8558) (This issue may allow containers running on the same host, or adjacent hosts (hosts running in the same LAN or layer 2 domain), to reach TCP and UDP services bound to localhost (127.0.0.1))
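Review bot: The new item 6 is labelled "OWASP WrongSecrets" but its link goes to a personal namespace (`github.com/commjoen/wrongsecrets`), whereas the OWASP ServerlessGoat entry just above it links to `github.com/OWASP/Serverless-Goat`. If the project has an OWASP-hosted repository or project page, link that instead, so readers can confirm the OWASP affiliation from the URL and the link does not break if the repository is moved. The wording "how to not store secrets" reads more clearly as "how not to store secrets". Five of the six added lines only renumber existing entries. Since Markdown renders ordered lists sequentially whatever numbers are written, a follow-up that avoids hand-numbering would keep future additions to this list down to a one-line diff.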