
Stash OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it, to keep track. You can also cut out each item, place the items in a bag, and pull them from the bag.


  1. C9:2018-Implement Security Logging and Monitoring
  2. A7:2017-Cross-Site Scripting (XSS)
  3. C4:2018-Encode and Escape Data
  4. A1:2013-Injection
  5. A1:2017-Injection
  6. A9:2017-Using Components with Known Vulnerabilities
  7. A8:2017-Insecure Deserialization
  8. A5:2017-Broken Access Control
  9. C6:2018-Implement Digital Identity
  10. A4:2013-Insecure Direct Object References
  11. C1:2018-Define Security Requirements
  12. A6:2017-Security Misconfiguration
  13. A2:2013-Broken Authentication and Session Management
  14. A2:2017-Broken Authentication
  15. A3:2017-Sensitive Data Exposure
  16. A9:2013-Using Components with Known Vulnerabilities
  17. C7:2018-Enforce Access Controls
  18. A7:2013-Missing Function Level Access Control
  19. A10:2017-Insufficient Logging & Monitoring
  20. A10:2013-Unvalidated Redirects and Forwards
  21. C5:2018-Validate All Inputs
  22. C8:2018-Protect Data Everywhere
  23. A4:2017-XML External Entities (XXE)
  24. A8:2013-Cross-Site Request Forgery (CSRF)
  25. C10:2018-Handle all Errors and Exceptions
  26. A3:2013-Cross-Site Scripting (XSS)
  27. A6:2013-Sensitive Data Exposure
  28. C3:2018-Secure Database Access
  29. A5:2013-Security Misconfiguration
  30. C2:2018-Leverage Security Frameworks and Libraries