Moving cards definition to companion file

suvroc · suvroc · commit 615bc3df0257 · 2026-01-06T23:19:22.000+01:00
Changing "the attacker" to names
diff --git a/source/cloud-cards-1.0-en.yaml b/source/cloud-cards-1.0-en.yaml
diff --git a/source/companion-cards-1.0.yaml b/source/companion-cards-1.0.yaml
@@ -153,62 +153,62 @@ suits:
     id: CLD2
     value: 2
     url: https://cornucopia.owasp.org/cards/CLD2
-    desc: 
+    desc: "Dan can abuse overly permissive roles assigned to an application to gain full access to cloud services beyond its intended scope"
   -
     id: CLD3
     value: 3
     url: https://cornucopia.owasp.org/cards/CLD3
-    desc: 
+    desc: "Roupe can discover a publicly accessible cloud storage bucket and downloaded sensitive customer data directly from the internet"
   -
     id: CLD4
     value: 4
     url: https://cornucopia.owasp.org/cards/CLD4
-    desc: 
+    desc: "Ryan can operate within critical cloud services without triggering alerts by exploiting the absence of audit logs and security monitoring"
   -
     id: CLD5
     value: 5
     url: https://cornucopia.owasp.org/cards/CLD5
-    desc: 
+    desc: "Josh can inject malicious code into the cloud Continous Integration/Continous Delivery pipeline by abusing unprotected build variables"
   -
     id: CLD6
     value: 6
     url: https://cornucopia.owasp.org/cards/CLD6
-    desc: 
+    desc: "Monica can exploit a poorly protected cloud API to enumerate resources and manipulate backend cloud services"
   -
     id: CLD7
     value: 7
     url: https://cornucopia.owasp.org/cards/CLD7
-    desc: 
+    desc: "Jon can escape from a compromised container and gained access to the underlying cloud host"
   -
     id: CLD8
     value: 8
     url: https://cornucopia.owasp.org/cards/CLD8
-    desc: 
+    desc: "Siddharth can exploit a shared cloud account without access isolation, using metadata and tags to identify and access resources belonging to multiple products"
   -
     id: CLD9
     value: 9
     url: https://cornucopia.owasp.org/cards/CLD9
-    desc: 
+    desc: "Akash can pivot from one compromised cloud account into multiple connected environments using existing trust relationships"
   -
     id: CLDX
     value: X
     url: https://cornucopia.owasp.org/cards/CLDX
-    desc: 
+    desc: "Adrian can introduce backdoored Infrastructure-as-Code templates into version control, causing vulnerable cloud environments to be deployed at scale"
   -
     id: CLDJ
     value: J
     url: https://cornucopia.owasp.org/cards/CLDJ
-    desc: 
+    desc: "Michael can compromise a CI runner and injected malicious code into container images that were automatically promoted to production across all cloud clusters"
   -
     id: CLDQ
     value: Q
     url: https://cornucopia.owasp.org/cards/CLDQ
-    desc: 
+    desc: "Eleftherios can leverage a breach in one cloud service to pivot into another by abusing shared identities, pipelines, and secrets"
   -
     id: CLDK
     value: K
     url: https://cornucopia.owasp.org/cards/CLDK
-    desc: 
+    desc: "Daniele can compromise the cloud root or break-glass account, gaining irreversible control over billing, identities, and recovery mechanisms"
   -
     id: CLDA
     value: A
diff --git a/source/companion-mappings-1.0.yaml b/source/companion-mappings-1.0.yaml
@@ -120,50 +120,100 @@ suits:
     id: CLD2
     value: 2
     url: https://cornucopia.owasp.org/cards/CLD2
+    stride: [ E ]
+    ccm: [ IAM-05, IAM-09 ]
+    mitre_attack: [ T1098.003, T1078.004 ]
+    cwe: [ CWE-732 ]
+    capec: [ CAPEC-122 ]
   -
     id: CLD3
     value: 3
     url: https://cornucopia.owasp.org/cards/CLD3
+    stride: [ I ]
+    ccm: [ DSP-17, IVS-03, LOG-04 ]
+    mitre_attack: [ T1530 ]
+    cwe: [ CWE-200 ]
+    capec: [ CAPEC-545 ]
   -
     id: CLD4
     value: 4
     url: https://cornucopia.owasp.org/cards/CLD4
+    stride: [ R ]
+    ccm: [ LOG-01, LOG-05, LOG-07 ]
+    mitre_attack: [ T1562.008 ]
+    capec: [ CAPEC-268 ]
   -
     id: CLD5
     value: 5
     url: https://cornucopia.owasp.org/cards/CLD5
+    stride: [ T ]
+    ccm: [ AIS-05, CCC-02, CCC-04 ]
+    mitre_attack: [ T1195.002 ]
+    capec: [ CAPEC-242 ]
   -
     id: CLD6
     value: 6
     url: https://cornucopia.owasp.org/cards/CLD6
+    stride: [ T, I ]
+    ccm: [ AIS-01, AIS-02, AIS-04, LOG-03 ]
+    mitre_attack: [ T1528, T1530 ]
+    capec: [ CAPEC-54 ]
   -
     id: CLD7
     value: 7
     url: https://cornucopia.owasp.org/cards/CLD7
+    stride: [ E ]
+    ccm: [ IVS-04, IVS-06 ]
+    mitre_attack: [ T1611, TA0008 ]
+    capec: [ CAPEC-480 ]
   -
     id: CLD8
     value: 8
     url: https://cornucopia.owasp.org/cards/CLD8
+    stride: [ E ]
+    ccm: [ DSP-04, DSP-17 ]
+    mitre_attack: [ T1552.005 ]
+    capec: [ CAPEC-545 ]
   -
     id: CLD9
     value: 9
     url: https://cornucopia.owasp.org/cards/CLD9
+    stride: [ E ]
+    ccm: [ IAM-04, IVS-06 ]
+    mitre_attack: [ T1021.007, TA0008 ]
+    capec: [ CAPEC-161 ]
   -
     id: CLDX
     value: X
     url: https://cornucopia.owasp.org/cards/CLDX
+    stride: [ T ]
+    ccm: [ AIS-04, AIS-06, CCC-06 ]
+    mitre_attack: [ T1195.001, T1584.004 ]
+    capec: [ CAPEC-248 ]
   -
     id: CLDJ
     value: J
     url: https://cornucopia.owasp.org/cards/CLDJ
+    stride: [ T ]
+    ccm: [ IVS-01, IVS-05, CCC-04 ]
+    mitre_attack: [ T1554, T1195 ]
+    capec: [ CAPEC-439 ]
   -
     id: CLDQ
     value: Q
     url: https://cornucopia.owasp.org/cards/CLDQ
+    stride: [ I, E ]
+    ccm: [ IAM-05, IAM-116 ]
+    mitre_attack: [ T1195 ]
+    capec: [ CAPEC-161 ]
   -
     id: CLDK
     value: K
     url: https://cornucopia.owasp.org/cards/CLDK
+    stride: [ S ]
+    ccm: [ IAM-01, IAM-02, IAM-09 ]
+    mitre_attack: [ T1098 ]
+    capec: [ CAPEC-233 ]
 -
   id: SDL
   name: SSDLC
