OWASP Cornucopia just released v3.2.2
https://github.com/OWASP/cornucopia/releases/tag/v3.2.2
A Special thanks to Adarsh Kumar for adding DBD Cornucopia to copi.owasp.org and for providing various bugfixes for the project.
Thank you so much for all your help!
Read more about DBD Cornucopia here: https://dev.to/owasp/dbd-cornucopia-is-now-available-to-play-online-4f83
#cornucopia #website #threatmodeling #appsec #games #security
Assessments of threats can be seen from different perspectives. Developers may come across privacy impact assessments (PIAs), where threats to users' data and the impact on those users are paramount. PIAs may additionally examine harms to organisations, third parties and wider society. (1/4)
Read more at: https://dev.to/owasp/dbd-cornucopia-is-now-available-to-play-online-4f83
#threatmodeling #appsec #security #welfare #benefits #disbenefits #cornucopia #games
These harms have now also been converted into a Cornucopia deck of cards, to help teams identify negative impacts on the service users, and thus to provide requirements which avoid or minimise such harms. The deck is called “Digital Benefits and Disbenefits Cornucopia” and uses the same game method. (4/4)
The game is now available at copi.owasp.org
Read more at: https://dev.to/owasp/dbd-cornucopia-is-now-available-to-play-online-4f83
#threatmodeling #appsec #security #welfare #benefits #disbenefits #cornucopia #games
If anyone can drag threat modelling out of checklists, meetings and polite silence, it is Johan Sydseter.
In our next Behind the Game, we are joined by Johan, one of the key driving forces behind the continued evolution of OWASP Cornucopia threat modeling game.
If anyone can drag threat modelling out of checklists, meetings and polite silence, it is Johan Sydseter. In our next Behind the Game session, we are joined by Johan, one of the key driving forces behind the development, adoption and continued evolution of OWASP Cornucopia threat modeling game. Johan has been a huge advocate for using games to make security more human, more collaborative and a lot less painful. From the Web and Mobile App editions through to the latest Companion Edition which introduces suits focussed on Agentic AI, Automated Threats, Cloud, Frontend, Large Language Models and DevOps, Johan's energy, insight and willingness to share his experience have helped teams understand how Cornucopia can be used in practice. And in the year of the OWASP® Foundation’s 25th anniversary, it feels like the perfect moment to talk about how Cornucopia continues to evolve. We will be asking Johan how this all happened. Why games? Why keep pushing Cornucopia forward with new editions. Expect passion. Expect stories and expect a conversation about how to make threat modelling something teams actually want to do. #cybersecurity #threatmodeling #seriousgames
DBD Cornucopia is now available for teams to play online. Free to use, no registration, no tracking.
Thank you Adarsh Kumar @Adarshkumar0509 from OWASP Cornucopia (open source security threat modelling of software) for adding Digital Benefits and Disbenefits Cornucopia to their Copi online gaming engine.
#welfarebenefits #socialprotection #egovernment #servicedesign #threatmodelling #harms #hci
The Digital Benefits and Disbenefits Cornucopia croupier has dealt the Seven of Scope (SC-7). The card's focus is delivery channels. Full details at https://www.digitalbenefits.uk/deck/scope/7
DBD Cornucopia is a practical tool for teams implementing welfare benefit e-government services. It assists system review to identify how digitisation choices affect claimants adversely.
#welfarebenefits #socialsecurity #socialprotection #egovernment #publicservices #uk #scope
The Digital Benefits and Disbenefits Cornucopia croupier has dealt the King of Architecture (AR-K). The card's focus is data retention and access. Full details at https://www.digitalbenefits.uk/deck/architecture/K
DBD Cornucopia is a practical tool for teams implementing welfare benefit e-government services. It assists system review to identify how digitisation choices affect claimants adversely.
#welfarebenefits #socialsecurity #socialprotection #egovernment #publicservices #uk #architectur
Could something be skipping though the "customer interaction" points in your application?
BOT3 from the OWASP Cornucopia Companion illustrates how automation at scale can be used on gambling sites to make bets fast & furiously, skipping past all the checks and balances, warnings, up-selling and regulatory information.
Read the whole scenario at https://cornucopia.owasp.org/edition/companion/BOT3/1.0/en
Details of new release at https://cornucopia.owasp.org/news/20260508-companion-edition
@owasp #appsec #devops #devsecops #threatmodelling #eop #owasp #cornucopia
Great to see the new Companion Edition released by the OWASP Cornucopia project. A year in the making, project leader Johan Sydseter has organised a whole group of volunteers to build out a new deck of playing cards for the application security threat modelling card game.
The new deck with six new suits also celebrates the 25th anniversary of the Open Worldwide Application Security Project (OWASP).
https://cornucopia.owasp.org/news/20260508-companion-edition
@owasp @sydseter #appsec #devops #devsecops #threatmodelling #owasp
The new Companion Deck for OWASP Cornucopia includes six novel suits to assist threat modelling of Agentic AI, Cloud, DevOps, Frontend, LLM and Automation. The suits can be used alone or in combination with suits from either existing Cornucopia decks: the Website App Edition or Mobile App Edition. My main contribution to this is the Automated Threats (BOT) suit.
https://cornucopia.owasp.org/news/20260508-companion-edition
@owasp #owasp #cornucopia #eop #stride #threatmodelling #devops #devopsec #appsec #infosec
1/2
sydseter
DBD Cornucopia
Colin Watson