Could something be skipping through the "customer interaction" points in your application?

BOT3 from the OWASP Cornucopia Companion illustrates how automation at scale can be used on gambling sites to make bets fast & furiously, skipping past all the checks and balances, warnings, up-selling and regulatory information.

Read the whole scenario at https://cornucopia.owasp.org/edition/companion/BOT3/1.0/en

Details of new release at https://cornucopia.owasp.org/news/20260508-companion-edition

@owasp #appsec #devops #devsecops #threatmodelling #eop #owasp #cornucopia

Open source and free. Download print-ready files and play Cornucopia together, browse the cards online, or play games online with remote team members.

https://cornucopia.owasp.org

https://copi.owasp.org

If you prefer, printed decks are available to purchase from a vendor as a dual-packaged Website App Edition x Companion Edition combination set:

https://cybersecgames.com/pages/owasp-cornucopia-threat-modeling-collection

@owasp #owasp #cornucopia #eop #stride #threatmodelling #devops #devopsec #appsec #infosec

2/2

OWASP Cornucopia - Threat modeling for everyone

OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams identify security requirements in Agile, conventional and formal development processes.

The new Companion Deck for OWASP Cornucopia includes six novel suits to assist threat modelling of Agentic AI, Cloud, DevOps, Frontend, LLM and Automation. The suits can be used alone or in combination with suits from either of the existing Cornucopia decks: the Website App Edition or Mobile App Edition. My main contribution to this is the Automated Threats (BOT) suit.

https://cornucopia.owasp.org/news/20260508-companion-edition

@owasp #owasp #cornucopia #eop #stride #threatmodelling #devops #devopsec #appsec #infosec

1/2

Great to see the new Companion Edition released by the OWASP Cornucopia project. A year in the making, project leader Johan Sydseter has organised a whole group of volunteers to build out a new deck of playing cards for the application security threat modelling card game.

The new deck with six new suits also celebrates the 25th anniversary of the Open Worldwide Application Security Project (OWASP).

https://cornucopia.owasp.org/news/20260508-companion-edition

@owasp @sydseter #appsec #devops #devsecops #threatmodelling #owasp

Running threat-crank to update https://github.com/timb-machine/attack-ti with v19 data.

#threatmodelling

GitHub - timb-machine/attack-ti: Vertical and geographic extracts from MITRE ATT&CK

The latest version of the OWASP Automated Threat Handbook, which defines a common language to identify and classify automated threats to web applications and provides relevant countermeasures, is available to download as a free PDF or can be purchased in print from Lulu:

https://www.lulu.com/shop/colin-watson-and-tin-zaw/owasp-automated-threat-handbook/paperback/product-w4wj7qq.html

#bots #badbots #automatedthreats #appsec #infosec #informationsecurity #devops #threatmodelling #owasp @owasp

Everyone has different needs and faces different dangers when their personal data gets exposed. To give actionable privacy advice, it's essential to consider each person's unique situation.

👤 Learn more on how to evaluate each person's threat model.

🧰 Check our Privacy Activist Toolbox tip to Consider Everyone's Unique Situation: https://www.privacyguides.org/en/activism/toolbox/tip-consider-everyones-unique-situation/

#PrivacyGuides #Activism #PrivacyActivistToolbox #Privacy #ThreatModelling

A couple of interesting links on SD-WAN security:

* https://www.mplify.net/wp-content/uploads/MEF_88.pdf - securing application flows in SD-WAN solutions (vendor neutral)
* https://arxiv.org/pdf/1811.04583 - focusses on orchestration, management and control (iterates through all the various vendors)

#threatmodelling

In tomorrow's OWASP 25th Anniversary Virtual Conference, two talks include mention of the OWASP Cornucopia card game.

In "Stop Lecturing, Start Playing" at 11:00 CET Johan Sydseter will discuss how you can utilize games to scale your application security program. And in "Connecting the dots" at 14:00 Max Alejandro Gómez Sánchez Vergaray will share his experiences of creating an AppSec programme.

#appsec #threatmodelling #software #applicationsecurity #owasp @sydseter

https://owasp.glueup.com/event/owasp-25th-anniversary-virtual-conference-164290/#agenda