Agile Stationery

OWASP® Cornucopia 2.0 Website App Edition - Threat Modeling Cards

£18.00
Size: 80 cards

OWASP® Cornucopia 2.0 is an updated threat modeling tool in the form of a card game designed to help software development teams identify security requirements in Agile, conventional, and formal development processes.

The deck contains 80 tarot-style cards, each representing a common error or anti-pattern based on data from OWASP experts, that allows systems to be vulnerable to attack . The cards are divided into six suits: Data Validation and Encoding, Authentication, Session Management, Authorization, Cryptography, and a catch-all "Cornucopia" suit.

This tool is accessible to all skill levels, from beginners to security experts, and aligns with widely-recognized standards such as OWASP ASVS, MASVS, MASTG, SAFECode, SCP, and CAPEC. This version contains the updated OWASP ASVS Mapping, aligned with ASVS v4.0.

Also available in a mobile edition!

Got Remote teams? Use Croupier to generate random hands for remote players and continue to play using physical cards.

OWASP is a registered trademark of the OWASP Foundation.

HOW TO PLAY
  • The gameplay is consistent with the Elevation of Privilege game - and Hearts! Check out the instructions here.
  • Croupier - If you're teams are remote, use our online hand dealing tool to randomly deal out the cards for each player
CUSTOMISATION

Branded versions of our decks can be a great way to send a message as part of a transformation, or demonstrate leadership buy-in during any kind of cultural change.

Explore pricing for Branded OWASP Cornucopia decks.

Size: 80 cards