
Stash OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. A2:2013-Broken Authentication and Session Management
  2. A2:2017-Broken Authentication
  3. A9:2013-Using Components with Known Vulnerabilities
  4. C2:2018-Leverage Security Frameworks and Libraries
  5. A7:2017-Cross-Site Scripting (XSS)
  6. C7:2018-Enforce Access Controls
  7. C8:2018-Protect Data Everywhere
  8. A8:2013-Cross-Site Request Forgery (CSRF)
  9. A5:2013-Security Misconfiguration
  10. A10:2017-Insufficient Logging & Monitoring
  11. C6:2018-Implement Digital Identity
  12. A9:2017-Using Components with Known Vulnerabilities
  13. A3:2013-Cross-Site Scripting (XSS)
  14. C9:2018-Implement Security Logging and Monitoring
  15. C10:2018-Handle all Errors and Exceptions
  16. A5:2017-Broken Access Control
  17. A6:2013-Sensitive Data Exposure
  18. A4:2013-Insecure Direct Object References
  19. C4:2018-Encode and Escape Data
  20. C5:2018-Validate All Inputs
  21. A4:2017-XML External Entities (XXE)
  22. A3:2017-Sensitive Data Exposure
  23. A1:2017-Injection
  24. C3:2018-Secure Database Access
  25. A8:2017-Insecure Deserialization
  26. A6:2017-Security Misconfiguration
  27. A1:2013-Injection
  28. A10:2013-Unvalidated Redirects and Forwards
  29. C1:2018-Define Security Requirements
  30. A7:2013-Missing Function Level Access Control