Merge pull request #1316 from OWASP/update-challenge1

Make hint more explicit for challenge1
OWASP · Apr 12, 2024 · 002c34b · 002c34b
2 parents 78b9411 + f6a56f1
commit 002c34b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/resources/explanations/challenge1.adoc b/src/main/resources/explanations/challenge1.adoc
@@ -2,6 +2,6 @@
 
 When people write a Proof of Concept, they often start with hardcoded secrets, such as a `password` in code. What if we forget to remove these hardcoded secrets?
 
-Can you spot the secret we are looking for in code? What about looking for it in the container?
+Can you spot the secret we are looking for in the https://github.com/OWASP/wrongsecrets/tree/master/src/main/java/org/owasp/wrongsecrets[Java code]? What about looking for it in the container?
 
 Sometimes the simpler tools are the most effective. Try cloning the repo and use https://man7.org/linux/man-pages/man1/grep.1.html[*grep*] to see what you find. It is also possible to find with https://github.com/awslabs/git-secrets[*Git-secrets*] or https://github.com/trufflesecurity/trufflehog[*Trufflehog*]. Just dive into the code!