@sydseter

Co-leader for OWASP Cornucopia and co-creator of Cornucopia Mobile App Edition, an , AppSec Pokémon, application security engineer, developer, architect and DevOps practitioner.
https://cornucopia.owasp.org

If you like what we do for open source, visit our code repository https://github.com/OWASP/cornucopia and give us a star ⭐

🌈 «Difference is of the essence of humanity» – John Hume

OWASP Cornucopia: https://cornucopia.owasp.org
Copi: https://copi.owasp.org

Just received 4 copies of OWASP Cornucopia Web App Companion Set, which celebrates 25 years of The Open Web/World Application Security Project (OWASP). The duplex pack contains a deck of Website App Edition, a deck of the new Companion Edition, and a specially-written booklet. All the data, code and source files are available free online https://cornucopia.owasp.org

Well done CyberSec Games for doing such a great job printing (and selling) this unique pack.

#owasp #threatmodelling #appsec @owasp

OWASP Cornucopia just released v3.2.2

https://github.com/OWASP/cornucopia/releases/tag/v3.2.2

A special thanks to Adarsh Kumar for adding DBD Cornucopia to copi.owasp.org and for providing various bugfixes for the project.

Thank you so much for all your help!

Read more about DBD Cornucopia here: https://dev.to/owasp/dbd-cornucopia-is-now-available-to-play-online-4f83

#cornucopia #website #threatmodeling #appsec #games #security

If anyone can drag threat modelling out of checklists, meetings and polite silence, it is Johan Sydseter.

In our next Behind the Game, we are joined by Johan, one of the key driving forces behind the continued evolution of the OWASP Cornucopia threat modeling game.

https://www.linkedin.com/posts/cybersec-games_cybersecurity-threatmodeling-seriousgames-activity-7472578550227931137-MOMZ

#cybersecurity #threatmodeling #seriousgames | CyberSec Games

If anyone can drag threat modelling out of checklists, meetings and polite silence, it is Johan Sydseter. In our next Behind the Game session, we are joined by Johan, one of the key driving forces behind the development, adoption and continued evolution of the OWASP Cornucopia threat modeling game. Johan has been a huge advocate for using games to make security more human, more collaborative and a lot less painful. From the Web and Mobile App editions through to the latest Companion Edition which introduces suits focussed on Agentic AI, Automated Threats, Cloud, Frontend, Large Language Models and DevOps, Johan's energy, insight and willingness to share his experience have helped teams understand how Cornucopia can be used in practice. And in the year of the OWASP® Foundation’s 25th anniversary, it feels like the perfect moment to talk about how Cornucopia continues to evolve. We will be asking Johan how this all happened. Why games? Why keep pushing Cornucopia forward with new editions? Expect passion. Expect stories and expect a conversation about how to make threat modelling something teams actually want to do. #cybersecurity #threatmodeling #seriousgames

I want to give a big thank you to @Adarshkumar0509 for implementing the game on Copi.

These harms have now also been converted into a Cornucopia deck of cards, to help teams identify negative impacts on the service users, and thus to provide requirements which avoid or minimise such harms. The deck is called “Digital Benefits and Disbenefits Cornucopia” and uses the same game method. (4/4)

The game is now available at copi.owasp.org

Read more at: https://dev.to/owasp/dbd-cornucopia-is-now-available-to-play-online-4f83

#threatmodeling #appsec #security #welfare #benefits #disbenefits #cornucopia #games

Following completion of the PhD, Colin Watson gathered together harms identified that can arise through the choices made during the software development for these e-government services. These are far broader and deeper than the few accessibility matters (constrained to concerns about the UI). (3/4)

In recent years, Colin Watson, who created OWASP Cornucopia in 2012, undertook a PhD at Newcastle University, UK. This examined how the digital implementation of e-government services impacts citizens.

The research's scope was digitisation of social protection cash payments (in the UK called “welfare benefits”) and those working-age citizens who apply for, and possibly receive, the support payments (in the UK known as “benefit claimants”). (2/4)

Assessments of threats can be seen from different perspectives. Developers may come across privacy impact assessments (PIAs), where threats to users' data and the impact on those users are paramount. PIAs may additionally examine harms to organisations, third parties and wider society. (1/4)

Read more at: https://dev.to/owasp/dbd-cornucopia-is-now-available-to-play-online-4f83

#threatmodeling #appsec #security #welfare #benefits #disbenefits #cornucopia #games

Assessments of threats can be seen from different perspectives. Developers may come across privacy impact assessments (PIAs), where threats to users' data and the impact on those users are paramount. PIAs may additionally examine harms to organisations, third parties and wider society. (1/6)

#games

You may be the best threat analyst in the world, but are you able to get the dev team to agree on when and what to fix?

OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams in identifying security requirements in Agile development processes.

It works by allowing the team to agree on "What can go wrong?" and "What are we going to do about it?"

#appsec #owasp #llm #agentic #ai #security #cloud #devops #frontend #webdev #threatmodeling #agile #games