.,,uod8B8bou,,.
..,uod8BBBBBBBBBBBBBBBBRPFT?l!i:.
,=m8BBBBBBBBBBBBBBBRPFT?!||||||||||||||
!...:!TVBBBRPFT||||||||||!!^^""' ||||
!.......:!?|||||!!^^""' ||||
!.........|||| ||||
!.........|||| ## ||||
!.........|||| ||||
!.........|||| ||||
!.........|||| ||||
!.........|||| ||||
`.........|||| ,||||
.;.......|||| _.-!!|||||
.,uodWBBBBb.....|||| _.-!!|||||||||!:'
!YBBBBBBBBBBBBBBb..!|||:..-!!|||||||!iof68BBBBBb....
!..YBBBBBBBBBBBBBBb!!||||||||!iof68BBBBBBRPFT?!:: `.
!....YBBBBBBBBBBBBBBbaaitf68BBBBBBRPFT?!::::::::: `.
!......YBBBBBBBBBBBBBBBBBBBRPFT?!::::::;:!^"`;::: `.
!........YBBBBBBBBBBRPFT?!::::::::::^''...::::::; iBBbo.
`..........YBRPFT?!::::::::::::::::::::::::;iof68bo. WBBBBbo.
`..........:::::::::::::::::::::::;iof688888888888b. `YBBBP^'
`........::::::::::::::::;iof688888888888888888888b. `
`......:::::::::;iof688888888888888888888888888888b.
`....:::;iof688888888888888888888888888888888899fT!
`..::!8888888888888888888888888888888899fT|!^"'
`' !!988888888888888888888888899fT|!^"'
`!!8888888888888888899fT|!^"'
`!988888888899fT|!^"'
`!9899fT|!^"'
`!^"'
Owasp Cornucopia is a card game, meant to be played in an agile development context. It allows developers to identify and discuss security requirements for their software applications. It is an easy way to introduce the practice of threat modeling in a software development team. Playing the card game encourages developers to actively think about the kind of threats that can emerge when creating software. This empowers teams to independently secure their applications while building them. Doing so embraces the shift-left strategy, where security becomes an integrated part of the development cycle.
Learn how to play .mmMMMMMMMMMMMMMmm.
.mMMMMMMMMMMMMMMMMMMMMMMMm.
.mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMm.
.MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM.
.MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM.
MMMMMMMM' `"MMMMM"""""""MMMM""` 'MMMMMMMM
MMMMMMMMM MMMMMMMMM
MMMMMMMMMM: :MMMMMMMMMM
.MMMMMMMMMM MMMMMMMMMM.
MMMMMMMMM" "MMMMMMMMM
MMMMMMMMM MMMMMMMMM
MMMMMMMMM MMMMMMMMM
MMMMMMMMMM MMMMMMMMMM
`MMMMMMMMMM MMMMMMMMMM`
MMMMMMMMMMMM. .MMMMMMMMMMMM
MMMMMM MMMMMMMMMM MMMMMMMMMMMMMMMMMM
MMMMMM 'MMMMMMM MMMMMMMMMMMMMMMM
`MMMMMM "MMMMM MMMMMMMMMMMMMM`
`MMMMMm MMMMMMMMMMMM`
`"MMMMMMMMM MMMMMMMMM"`
`"MMMMMM MMMMMM"`
`""M M""`
One of the main advantages of the OWASP Cornucopia card game being open source is that it allows anyone to access and use the game without any licensing fees or restrictions. This encourages widespread adoption and makes it easier for teams to integrate the game into their security practices. Additionally, being open source means that the game is transparent and customizable. Teams can modify the game to suit their specific needs and address the security threats that are most relevant to their applications. They can also contribute back to the game's development by submitting new cards or improvements. Furthermore, open source software tends to have a large and active community of developers who contribute to the codebase and offer support. This can lead to faster bug fixes and updates, ensuring that the game remains relevant and effective in identifying security threats.
View source on Github .;+itIYIIYIIYItt+;:
=tXVVXItt+;=;;=+itIYVVXIi:
;YVXXt=: .;tYXXX+
.tVXVt; .iXXVI:
tRXX; .;; ;YVVY:
;RXV; +RR+..YVRt
.XXR; :;. ;BBY.:VXR;
;RYX :XBY; tBBi tVR+
;RV+ :; :RMB+;BMB.;RXt
;RR; ;RR+.tBMBiBMB::RXt
:RV; .+;. iBBY;BMMBMMB.:RXi
RYt =BBi:BMBXBMMMBY. ;RR;
YtV +Y+:tMBIBMMBMR= iIR
:RR. .::. .tBXtMMBMBY: RIi
XIt ;IRBRXVRBY; ;BBBMR= ;VR
.RR ;RBt: .+RB; :BI: VY;
+tX iBt =BX itY
Yt= ;Bi :Bt :XR
RX: RX =B: RX.
RR :B: Ri YX:
RR ;B YY YY;
RR :B; Ri YX:
RX: RX +B: RX.
YI; +Ri :Bt :XR
+tX .i: iBI iBX itY
.RR ;VBBB. ;RBt: :+RR+ VY;
XIt .tBMMMRBB; ;tRBVXVBRY; ;VR
:RR. ;RBMMBVBB;;RR; .::. RIi
IIR .tBMMMBMMB;RMX: tIR
RII BMMBMMBiBMB;:+Vi: ;RR:
:RV;:BMBXBMB;;VBY. :RX+
;RV+:BMB;RBMY ;t; ;RXt
;RXt.RMB;:tBB= ;RVi
:RYR.;BBY. :+t; IXR;
XXR+ ;RBY: ;RYR:
;RYR; .;Yi: :XXVt
+VXV= ;YVVt.
+VXVI; ;tVXVt.
;tVXXYi;. ;+IXXVY;
;tIVVXXYti=====iiIXXVVYt;
:;iitItttttItt+;:
The OWASP Cornucopia card game can be effectively integrated into an Agile development process. In Agile, the focus is on delivering working software quickly and continuously improving it based on feedback. The Cornucopia game can be used to identify potential security threats early in the development process, allowing teams to address them before they become major issues. The game can be played during planning sessions, where teams can discuss the security risks associated with each feature and prioritize them accordingly. It can also be used during testing to ensure that all identified risks have been addressed before releasing the software. The game can be played by cross-functional teams, including developers, testers, and security experts, to promote collaboration and shared responsibility for security. The game's flexible and customizable nature also allows teams to tailor it to their specific Agile process and development methodologies. By integrating the Cornucopia game into Agile development, teams can ensure that security is a key consideration throughout the entire software development lifecycle.