@sydseter

Co-leader for OWASP Cornucopia and co-creator of Cornucopia Mobile App Edition, an , AppSec Pokémon, application security engineer, developer, architect and DevOps practitioner.
https://cornucopia.owasp.org

If you like what we do for open source, visit our code repository https://github.com/OWASP/cornucopia and give us a star ⭐

🌈 «Difference is of the essence of humanity» – John Hume

OWASP Cornucopia: https://cornucopia.owasp.org
Copi: https://copi.owasp.org

Great to see the new Companion Edition released by the OWASP Cornucopia project. A year in the making, project leader Johan Sydseter has organised a whole group of volunteers to build out a new deck of playing cards for the application security threat modelling card game.

The new deck with six new suits also celebrates the 25th anniversary of the Open Worldwide Application Security Project (OWASP).

https://cornucopia.owasp.org/news/20260508-companion-edition

@owasp @sydseter #appsec #devops #devsecops #threatmodelling #owasp

Read all about it here: https://dev.to/owasp/introducing-a-owasp-game-for-threat-modeling-agentic-ai-cloud-devops-frontend-llm-automation-5984

The new version is immediately available online at copi.owasp.org, for sale at CyberSec Games: cybersecgames.com/pages/owasp-cornucopia-threat-modeling-collection , and downloadable from the latest release: https://github.com/OWASP/cornucopia/releases/tag/v3.0.0

Introducing a OWASP Game for threat modeling Agentic AI, Cloud, Devops, Frontend, LLM, Automation, and Web

Shift-left doesn't start with scanning the code for security vulnerabilities; it begins with...

DEV Community

Do you feel like yelling at the world for not doing threat modeling?

No need to yell, the tools are free!

Copi - The OWASP® Cornucopia Game Engine (copi.owasp.org) is free to use and perfect for distributed teams.

The new OWASP Cornucopia Companion Edition v1.0 comes with 6 suits covering: Agentic AI (AAI), Automated Threats (BOT), Cloud (CLD), Frontend (FRE), Large Language Models (LLM), and DevOps (DVO).

#appsec #owasp #llm #agentic #ai #cloud #devops #threatmodeling #agile #games

The team brings a DFD, finds threats by playing, and votes on what to fix in the next sprint. There is no ambiguity because threat elicitation and mitigation are part of "the definition of done".

So play OWASP Cornucopia!
The 25th anniversary edition can be played at copi.owasp.org, bought at CyberSec Games: https://cybersecgames.com/pages/owasp-cornucopia-threat-modeling-collection , or downloaded from: https://github.com/OWASP/cornucopia/releases/tag/v3.0.0

Read all about it here: https://dev.to/owasp/introducing-a-owasp-game-for-threat-modeling-agentic-ai-cloud-devops-frontend-llm-automation-5984

#appsec #llm #agentic #ai #cloud #devops #webdev #agile #games

OWASP Cornucopia Threat Modeling Collection

Build trust, shape a culture and kick start conversations. Physical games for in person threat modelling, training and fun.

CyberSec Games

You may be the best threat analyst in the world, but are you able to get the dev team to agree on when and what to fix?

OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams in identifying security requirements in Agile development processes.

It works by allowing the team to agree on "What can go wrong?" and "What are we going to do about it?"

#appsec #owasp #llm #agentic #ai #security #cloud #devops #frontend #webdev #threatmodeling #agile #games

Scaling threat modeling?
More documentation won't help you.
More documentation leads to checkbox compliance, missed opportunities, and analysis paralysis.
Value:
- A culture of finding and fixing design issues over checkbox compliance
- People and collaboration over processes, methodologies, and tools
- A journey of understanding over a security or privacy snapshot
- Doing threat modeling over talking about it
- Continuous refinement over a single delivery

Agile Threat Modeling Manifesto (1/4)

Yes! It’s time to party!

The OWASP Foundation is celebrating 25 incredible years of open source security. That’s why OWASP Cornucopia is launching its 25th anniversary edition.

"Again?" you may ask. But we have accumulated 25 years of knowledge and wisdom distilled onto 158 playing cards. Using these cards, you will be able to do threat modeling of agentic AI, cloud, DevOps, frontend, LLM, automation, and web applications, all at the same time! Read all about it here: https://dev.to/owasp/introducing-a-owasp-game-for-threat-modeling-agentic-ai-cloud-devops-frontend-llm-automation-5984

A suit in the Companion deck may replace (or be used in addition to) existing suits.
For example, say you are building an LLM application and want to perform threat modeling and security requirement analysis specifically for LLM.

You would then use the OWASP Cornucopia Website Edition and the LLM companion suit as your elected OWASP Cornucopia focus area.

This is immediately available at copi.owasp.org

You can also download the design files from the latest release. https://github.com/OWASP/cornucopia/releases/tag/v3.0.0

Release v3.0.0 · OWASP/cornucopia

What's Changed feat: add companion edition suites to Copi by @Mysterio-17 in #2885 build(deps-dev): bump wrangler from 4.84.1 to 4.85.0 in /cornucopia.owasp.org by @dependabot[bot] in #2884 build(...

GitHub

OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams in identifying security requirements in Agile development processes. It is language, platform, and technology-agnostic.

So play OWASP Cornucopia!

The new Companion Edition v1.0 comes with 6 companion suits covering new topics: Agentic AI (AAI), Automated Threats (BOT), Cloud (CLD), Frontend (FRE), Large Language Models (LLM), and DevOps (DVO).

See: https://dev.to/owasp/introducing-a-owasp-game-for-threat-modeling-agentic-ai-cloud-devops-frontend-llm-automation-5984

(2/4)