Agile Stationery

OWASP® Cornucopia 2.0 Website App Edition - Threat Modeling Cards

In stock on 22nd July 2024. Available to pre-order!

OWASP® Cornucopia 2.0 is an updated threat modeling tool in the form of a card game designed to help software development teams identify security requirements in Agile, conventional and formal development processes. 

The decks contains 80 cards. Each card describes a common error or anti-pattern that allows systems to be vulnerable to attack. These vulnerabilities are chosen from data gathered by web security experts at OWASP and arranged in five key suits, with a sixth, "Cornucopia," encompassing additional elements:

  • Data Validation and Encoding
  • Authentication
  • Session Management
  • Authorization
  • Cryptography
  • Cornucopia

This version connects gameplay with well-researched standards like OWASP ASVS, MASVS, MASTG, SAFECode, SCP, and CAPEC, making it a versatile and comprehensive tool for security design and threat modeling without requiring prior knowledge of these standards.

Key Features:

  • Updated OWASP ASVS Mapping: Now aligned with ASVS v4.0.
  • Reliably Fun - consistent with Elevation of Privilege - and Hearts! Simultaneously competitive and collaborative, due to it's playful and inclusive gameplay.
  • Platform and technology-agnostic - useful for everyone from PHP hackers, through Java wranglers, to PhD security experts
  • Convenient tarot size - matching our collection of tarot sized threat modeling games
  • Slick and colourful - printed on Creatio Game Board.
  • Scratch resistant exterior packaging
  • Compatible with Web App projects - but also available in a mobile edition!
  • Customisable - make it official by adding your brand logo

OWASP is a registered trademark of the OWASP Foundation.