You may be the best threat analyst in the world, but are you able to get the dev team to agree on when and what to fix?

OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams in identifying security requirements in Agile development processes.

It works by allowing the team to agree on "what can go wrong" and "what are we going to do about it?"

#appsec #owasp #llm #agentic #ai #security #cloud #devops #frontend #webdev #threatmodeling #agile #games

The team brings a data flow diagram (DFD), finds threats by playing, and votes on what to fix in the next sprint. There is no ambiguity because threat elicitation and mitigation are part of "the definition of done".

So play OWASP Cornucopia!
The 25th anniversary edition can be played at copi.owasp.org, bought at CyberSec Games: https://cybersecgames.com/pages/owasp-cornucopia-threat-modeling-collection , or downloaded from: https://github.com/OWASP/cornucopia/releases/tag/v3.0.0

Read all about it here: https://dev.to/owasp/introducing-a-owasp-game-for-threat-modeling-agentic-ai-cloud-devops-frontend-llm-automation-5984

#appsec #llm #agentic #ai #cloud #devops #webdev #agile #games
