
Stash OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. C8:2018-Protect Data Everywhere
  2. A7:2013-Missing Function Level Access Control
  3. C3:2018-Secure Database Access
  4. A9:2017-Using Components with Known Vulnerabilities
  5. A9:2013-Using Components with Known Vulnerabilities
  6. A7:2017-Cross-Site Scripting (XSS)
  7. A8:2017-Insecure Deserialization
  8. C1:2018-Define Security Requirements
  9. C5:2018-Validate All Inputs
  10. A3:2013-Cross-Site Scripting (XSS)
  11. C7:2018-Enforce Access Controls
  12. A4:2017-XML External Entities (XXE)
  13. C10:2018-Handle all Errors and Exceptions
  14. A5:2017-Broken Access Control
  15. C6:2018-Implement Digital Identity
  16. A10:2013-Unvalidated Redirects and Forwards
  17. C9:2018-Implement Security Logging and Monitoring
  18. A6:2017-Security Misconfiguration
  19. A2:2013-Broken Authentication and Session Management
  20. A10:2017-Insufficient Logging & Monitoring
  21. A5:2013-Security Misconfiguration
  22. A1:2017-Injection
  23. A3:2017-Sensitive Data Exposure
  24. A8:2013-Cross-Site Request Forgery (CSRF)
  25. A1:2013-Injection
  26. C2:2018-Leverage Security Frameworks and Libraries
  27. A4:2013-Insecure Direct Object References
  28. A6:2013-Sensitive Data Exposure
  29. C4:2018-Encode and Escape Data
  30. A2:2017-Broken Authentication