24 changes: 12 additions & 12 deletions source/companion-cards-1.0.yaml
Expand Up @@ -153,62 +153,62 @@ suits:
id: CLD2
value: 2
url: https://cornucopia.owasp.org/cards/CLD2
desc:
desc: "Dan can abuse overly permissive roles assigned to an application to gain full access to cloud services beyond its intended scope"
-
id: CLD3
value: 3
url: https://cornucopia.owasp.org/cards/CLD3
desc:
desc: "Roupe can discover a publicly accessible cloud storage bucket and downloaded sensitive customer data directly from the internet"
-
id: CLD4
value: 4
url: https://cornucopia.owasp.org/cards/CLD4
desc:
desc: "Ryan can operate within critical cloud services without triggering alerts by exploiting the absence of audit logs and security monitoring"
-
id: CLD5
value: 5
url: https://cornucopia.owasp.org/cards/CLD5
desc:
desc: "Josh can inject malicious code into the cloud build or deployment pipeline by abusing unprotected build variables"
-
id: CLD6
value: 6
url: https://cornucopia.owasp.org/cards/CLD6
desc:
desc: "Monica can exploit a poorly protected cloud API to enumerate resources and manipulate backend cloud services"
-
id: CLD7
value: 7
url: https://cornucopia.owasp.org/cards/CLD7
desc:
desc: "Jon can escape from a compromised container and gained access to the underlying cloud host"
-
id: CLD8
value: 8
url: https://cornucopia.owasp.org/cards/CLD8
desc:
desc: "Siddharth can exploit a shared cloud account without access isolation, using metadata and tags to identify and access resources belonging to multiple products"
-
id: CLD9
value: 9
url: https://cornucopia.owasp.org/cards/CLD9
desc:
desc: "Akash can pivot from one compromised cloud account into multiple connected environments using existing trust relationships"
-
id: CLDX
value: X
url: https://cornucopia.owasp.org/cards/CLDX
desc:
desc: "Adrian can introduce backdoored Infrastructure-as-Code templates into version control, causing vulnerable cloud environments to be deployed at scale"
-
id: CLDJ
value: J
url: https://cornucopia.owasp.org/cards/CLDJ
desc:
desc: "Michael can compromise a build runner and injected malicious code into container images that were automatically promoted to production across all cloud clusters"
-
id: CLDQ
value: Q
url: https://cornucopia.owasp.org/cards/CLDQ
desc:
desc: "Eleftherios can leverage a breach in one cloud service to pivot into another by abusing shared identities, pipelines, and secrets"
-
id: CLDK
value: K
url: https://cornucopia.owasp.org/cards/CLDK
desc:
desc: "Daniele can compromise the cloud root or break-glass account, gaining irreversible control over billing, identities, and recovery mechanisms"
-
id: CLDA
value: A
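Review bot: Three of the new descriptions switch tense after "can": CLD3 ("can discover ... and downloaded"), CLD7 ("can escape ... and gained") and CLDJ ("can compromise ... and injected ... that were automatically promoted"). The other nine cards keep the "can <verb>" form throughout, so these should read "download", "gain" and "inject ... that are automatically promoted" to match. Separately, every entry still shows the empty `desc:` line next to the quoted one; please confirm the empty key is actually removed, since a duplicate `desc` key in the same mapping is rejected by strict YAML parsers and silently overridden by lenient ones.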
50 changes: 50 additions & 0 deletions source/companion-mappings-1.0.yaml
Expand Up @@ -120,50 +120,100 @@ suits:
id: CLD2
value: 2
url: https://cornucopia.owasp.org/cards/CLD2
stride: [ E ]
ccm: [ IAM-05, IAM-09 ]
mitre_attack: [ T1098.003, T1078.004 ]
cwe: [ CWE-732 ]
capec: [ CAPEC-122 ]
-
id: CLD3
value: 3
url: https://cornucopia.owasp.org/cards/CLD3
stride: [ I ]
ccm: [ DSP-17, IVS-03, LOG-04 ]
mitre_attack: [ T1530 ]
cwe: [ CWE-200 ]
capec: [ CAPEC-545 ]
-
id: CLD4
value: 4
url: https://cornucopia.owasp.org/cards/CLD4
stride: [ R ]
ccm: [ LOG-01, LOG-05, LOG-07 ]
mitre_attack: [ T1562.008 ]
capec: [ CAPEC-268 ]
-
id: CLD5
value: 5
url: https://cornucopia.owasp.org/cards/CLD5
stride: [ T ]
ccm: [ AIS-05, CCC-02, CCC-04 ]
mitre_attack: [ T1195.002 ]
capec: [ CAPEC-242 ]
-
id: CLD6
value: 6
url: https://cornucopia.owasp.org/cards/CLD6
stride: [ T, I ]
ccm: [ AIS-01, AIS-02, AIS-04, LOG-03 ]
mitre_attack: [ T1528, T1530 ]
capec: [ CAPEC-54 ]
-
id: CLD7
value: 7
url: https://cornucopia.owasp.org/cards/CLD7
stride: [ E ]
ccm: [ IVS-04, IVS-06 ]
mitre_attack: [ T1611, TA0008 ]
capec: [ CAPEC-480 ]
-
id: CLD8
value: 8
url: https://cornucopia.owasp.org/cards/CLD8
stride: [ E ]
ccm: [ DSP-04, DSP-17 ]
mitre_attack: [ T1552.005 ]
capec: [ CAPEC-545 ]
-
id: CLD9
value: 9
url: https://cornucopia.owasp.org/cards/CLD9
stride: [ E ]
ccm: [ IAM-04, IVS-06 ]
mitre_attack: [ T1021.007, TA0008 ]
capec: [ CAPEC-161 ]
-
id: CLDX
value: X
url: https://cornucopia.owasp.org/cards/CLDX
stride: [ T ]
ccm: [ AIS-04, AIS-06, CCC-06 ]
mitre_attack: [ T1195.001, T1584.004 ]
capec: [ CAPEC-248 ]
-
id: CLDJ
value: J
url: https://cornucopia.owasp.org/cards/CLDJ
stride: [ T ]
ccm: [ IVS-01, IVS-05, CCC-04 ]
mitre_attack: [ T1554, T1195 ]
capec: [ CAPEC-439 ]
-
id: CLDQ
value: Q
url: https://cornucopia.owasp.org/cards/CLDQ
stride: [ I, E ]
ccm: [ IAM-05, IAM-116 ]
mitre_attack: [ T1195 ]
capec: [ CAPEC-161 ]
-
id: CLDK
value: K
url: https://cornucopia.owasp.org/cards/CLDK
stride: [ S ]
ccm: [ IAM-01, IAM-02, IAM-09 ]
mitre_attack: [ T1098 ]
capec: [ CAPEC-233 ]
-
id: SDL
name: SSDLC
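Review bot: `ccm: [ IAM-05, IAM-116 ]` on CLDQ looks like a typo: every other CCM control ID in this hunk has a two-digit suffix, so please check whether `IAM-16` (or two separate entries) was intended. Two consistency points in the same hunk: only CLD2 and CLD3 carry a `cwe` key while CLD4 through CLDK have none, so either add the mappings or confirm that consumers of this file tolerate a missing key; and `mitre_attack` on CLD7 and CLD9 mixes a technique ID with the tactic ID `TA0008`, which will break any tooling that expects technique IDs (T-prefixed) in that list. A schema check on ID formats for `ccm`, `mitre_attack`, `cwe` and `capec` would catch all three.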