
Stash OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag, and pull items from the bag.


  1. A4:2013-Insecure Direct Object References
  2. C9:2018-Implement Security Logging and Monitoring
  3. C2:2018-Leverage Security Frameworks and Libraries
  4. A10:2013-Unvalidated Redirects and Forwards
  5. A10:2017-Insufficient Logging & Monitoring
  6. C5:2018-Validate All Inputs
  7. C6:2018-Implement Digital Identity
  8. A5:2017-Broken Access Control
  9. A1:2013-Injection
  10. A8:2013-Cross-Site Request Forgery (CSRF)
  11. A9:2013-Using Components with Known Vulnerabilities
  12. C7:2018-Enforce Access Controls
  13. A2:2017-Broken Authentication
  14. A1:2017-Injection
  15. A5:2013-Security Misconfiguration
  16. A9:2017-Using Components with Known Vulnerabilities
  17. A4:2017-XML External Entities (XXE)
  18. C4:2018-Encode and Escape Data
  19. A2:2013-Broken Authentication and Session Management
  20. C10:2018-Handle all Errors and Exceptions
  21. A7:2017-Cross-Site Scripting (XSS)
  22. C1:2018-Define Security Requirements
  23. A6:2017-Security Misconfiguration
  24. A3:2013-Cross-Site Scripting (XSS)
  25. C8:2018-Protect Data Everywhere
  26. A3:2017-Sensitive Data Exposure
  27. C3:2018-Secure Database Access
  28. A7:2013-Missing Function Level Access Control
  29. A8:2017-Insecure Deserialization
  30. A6:2013-Sensitive Data Exposure