You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: cornucopia.owasp.org/data/website/pages/about/en/index.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -40,13 +40,13 @@ The other driver for Cornucopia was to link the attacks with requirements and ve
40
40
Common Weakness Enumeration [external]') weakness IDs, but these proved too numerous, and instead it was decided to map each card to [CAPEC™](http://capec.mitre.org/ 'CAPEC™ -
41
41
Common Attack Pattern Enumeration and Classification (CAPEC) [external]') software attack pattern IDs which themselves are mapped to CWEs, so the desired result is achieved.
42
42
43
-
Each Website App Edition card is also mapped to the 36 primary security stories in the [SAFECode document](https://safecode.org/resource-secure-development-practices/fundamental-practices-secure-software-development-2/'Fundamental Practices for Secure Software Development, Third Edition - SAFECode [external]'), as well as to the OWASP [SCP](https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/'OWASP Secure Coding Practices-Quick Reference Guide [internal]') v2, [ASVS v4.0.3](https://owasp.org/www-project-application-security-verification-standard/'OWASP Application Security Verification Standard (ASVS) [internal]') and [AppSensor](https://owasp.org/www-project-appsensor/'OWASP AppSensor [internal]') (application attack detection and response) to help teams create their own security-related stories for use in Agile processes.
43
+
Each Website App Edition card is also mapped to the 36 primary security stories in the [SAFECode document](https://safecode.org/resource-secure-development-practices/fundamental-practices-secure-software-development-2/'Fundamental Practices for Secure Software Development, Third Edition - SAFECode [external]'), as well as to the OWASP [Developer Guide Web Application Checklist](https://devguide.owasp.org/en/04-design/02-web-app-checklist/'OWASP Developer Guide [external]') v2, [ASVS v4.0.3](https://owasp.org/www-project-application-security-verification-standard/'OWASP Application Security Verification Standard (ASVS) [external]') and [AppSensor](https://owasp.org/www-project-appsensor/'OWASP AppSensor [external]') (application attack detection and response) to help teams create their own security-related stories for use in Agile processes.
44
44
45
-
Likewise, each Mobile App Edition is mapped to CAPEC™ and the SAFECode stories, but instead of SCP, ASVS and AppSensor, each card is mapped to OWASP's [Mobile Application Security Verification Standard (MASVS) v2.0](https://mas.owasp.org/MASVS/'OWASP MASVS (Mobile Application Security Verification Standard [internal]') and [Mobile Application Security Testing Guide (MASTG) v2.0](https://mas.owasp.org/MASTG/'OWASP Mobile Application Security Testing Guide [internal]').
45
+
Likewise, each Mobile App Edition is mapped to CAPEC™ and the SAFECode stories, but instead of SCP, ASVS and AppSensor, each card is mapped to OWASP's [Mobile Application Security Verification Standard (MASVS) v2.0](https://mas.owasp.org/MASVS/'OWASP MASVS (Mobile Application Security Verification Standard [external]') and [Mobile Application Security Testing Guide (MASTG) v2.0](https://mas.owasp.org/MASTG/'OWASP Mobile Application Security Testing Guide [external]').
46
46
47
47
## Other Security Gamification
48
48
49
-
If you are interested in using gaming for security, also see [Elevation of Privilege: The Threat Modeling Game](https://www.microsoft.com/en-gb/download/details.aspx?id=20303 'Elevation of Privilege (EoP) Threat Modeling Card Game [external]'), [Security Cards](http://securitycards.cs.washington.edu/ 'The Security Cards: A Security Threat Brainstorming Kit [external]') from the University of Washington, the commercial card game [Control-Alt-Hack](http://www.controlalthack.com/ 'Control-Alt-Hack(R) [external]') ([presentation](http://www.youtube.com/watch?v=Kpnvsgiiz8s 'Control-Alt-Hack(TM): White Hat Hacking for Fun and Profit (A Computer Security Card Game) [external]')), [OWASP Snakes and Ladders](https://owasp.org/www-project-snakes-and-ladders 'OWASP Snakes And Ladders [internal]'), [OWASP Cumulus](https://owasp.org/www-project-cumulus/ 'OWASP Cumulus [internal]'), [OWASP Top 10 The Game](https://owasp.org/www-project-top-10-the-game 'OWASP Top 10 The Game [internal]'), and web application security training tools incorporating gamification such as [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/ 'OWASP JuiceShop [internal]'), [OWASP Security Shepherd](https://owasp.org/www-project-security-shepherd 'OWASP Security Shepard [internal]'), [OWASP WrongSecrets](https://owasp.org/www-project-wrongsecrets/ 'OWASP WrongSecrets [internal]') and [ITSEC Games](http://itsecgames.blogspot.co.uk/ 'ITSEC Games [external]').
49
+
If you are interested in using gaming for security, also see [Elevation of Privilege: The Threat Modeling Game](https://www.microsoft.com/en-gb/download/details.aspx?id=20303 'Elevation of Privilege (EoP) Threat Modeling Card Game [external]'), [Security Cards](http://securitycards.cs.washington.edu/ 'The Security Cards: A Security Threat Brainstorming Kit [external]') from the University of Washington, the commercial card game [Control-Alt-Hack](http://www.controlalthack.com/ 'Control-Alt-Hack(R) [external]') ([presentation](http://www.youtube.com/watch?v=Kpnvsgiiz8s 'Control-Alt-Hack(TM): White Hat Hacking for Fun and Profit (A Computer Security Card Game) [external]')), [OWASP Snakes and Ladders](https://owasp.org/www-project-snakes-and-ladders 'OWASP Snakes And Ladders [internal]'), [OWASP Cumulus](https://owasp.org/www-project-cumulus/ 'OWASP Cumulus [external]'), [OWASP Top 10 The Game](https://owasp.org/www-project-top-10-the-game 'OWASP Top 10 The Game [external]'), and web application security training tools incorporating gamification such as [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/ 'OWASP JuiceShop [external]'), [OWASP Security Shepherd](https://owasp.org/www-project-security-shepherd 'OWASP Security Shepard [external]'), [OWASP WrongSecrets](https://owasp.org/www-project-wrongsecrets/ 'OWASP WrongSecrets [external]') and [ITSEC Games](http://itsecgames.blogspot.co.uk/ 'ITSEC Games [external]').
50
50
51
51
Additionally, Adam Shostack maintains a list of tabletop security games and related resources at [Tabletop Security Games + Cards](https://shostack.org/games.html'Tabletop Security Games + Cards [external]').
Copy file name to clipboardExpand all lines: cornucopia.owasp.org/data/website/pages/printing/en/index.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
# Printing
2
2
3
-
The primary source document is a Word document. You can find it named under [owasp_cornucopia_webapp_n.nn_guide_bridge_(lang).docx](https://github.com/OWASP/cornucopia/releases/tag/v2.1.0'OWASP Cornucopia on Github [external]') as part of the latest release.
3
+
The primary source document is a Word document. You can find it named under [owasp_cornucopia_webapp_n.nn_guide_bridge_(lang).docx](https://github.com/OWASP/cornucopia/releases/tag/v2.5.0'OWASP Cornucopia on Github [external]') as part of the latest release.
4
4
5
5
Pre-printed card decks may, however, be more useful. To get this, click on [webshop](/webshop) in the upper right corner.
6
6
@@ -10,13 +10,13 @@ You can also choose to play the OWASP Cornucopia Website App Edition and Mobile
10
10
11
11
## Current printable version
12
12
13
-
Here is the current version of Cornucopia Website App and Mobile App Edition guides, decks and leaflets (v2.1 with updated mapping to ASVS v4.0.3):
13
+
Here is the current version of Cornucopia Website App and Mobile App Edition guides, decks and leaflets (v2.2 with updated mapping to ASVS v4.0.3):
- Mobile App Edition 1.1 card decks and leaflets: [[EN]](https://github.com/OWASP/cornucopia/releases/download/v2.1.0/owasp_cornucopia_mobileapp_1.1_en.zip'[external]')
- Mobile App Edition 1.1 card decks and leaflets: [[EN]](https://github.com/OWASP/cornucopia/releases/download/v2.5.0/owasp_cornucopia_mobileapp_1.1_en.zip'[external]')
0 commit comments