Agile Stationery
OWASP® Cornucopia 2.0 Website App Edition - Threat Modeling Cards
OWASP® Cornucopia 2.0 is an updated threat modeling tool in the form of a card game designed to help software development teams identify security requirements in Agile, conventional, and formal development processes.
The deck contains 80 tarot-style cards, each representing a common error or anti-pattern based on data from OWASP experts, that allows systems to be vulnerable to attack . The cards are divided into six suits: Data Validation and Encoding, Authentication, Session Management, Authorization, Cryptography, and a catch-all "Cornucopia" suit.
This tool is accessible to all skill levels, from beginners to security experts, and aligns with widely-recognized standards such as OWASP ASVS, MASVS, MASTG, SAFECode, SCP, and CAPEC. This version contains the updated OWASP ASVS Mapping, aligned with ASVS v4.0.
Also available in a mobile edition!
Got Remote teams? Use Croupier to generate random hands for remote players and continue to play using physical cards.
OWASP is a registered trademark of the OWASP Foundation.
CUSTOMISATION
Branded versions of our decks can be a great way to send a message as part of a transformation, or demonstrate leadership buy-in during any kind of cultural change.
Explore pricing for Branded OWASP Cornucopia decks.