The Cornucopia of Gamified Threat Modeling
At the OWASP Cornucopia project, we are done with updating the cards and help pages for the Website App Edition v3.0!
dev.to/owasp/the-co...
#appsec #cybersecurity #gamedev #security
We would like to thank everyone who contributed to the translations for the new version of the card game and welcome you to review the text on the help pages themselves. Are there inconsistencies? Is there something you feel should be added or removed?
If you find anything, please don't hesitate to contact us or raise an issue.
Each page includes a "View source on GitHub" button that lets you edit the text if you aren't pleased with it. All viewpoints and critiques are welcome as we are trying to create a home for gamified threat modelling.
If you think we used AI to generate that crazy mapping between Cards, OWASP ASVS, CAPECs and OWASP Cheat Sheets, the answer is no. It's manual analysis and review. An LLM wouldn't be able to do it.
cornucopia.owasp.org/edition/weba...?
OWASP Cornucopia - Website App Edition - DATA VALIDATION & ENCODING (VEK)
Gabe can inject data into a server-side interpreter (e.g. SQL, OS commands, Xpath, Server JavaScript, SMTP) because a strongly typed parameterised interface is not being used, not implemented correctly, or properly configured