
Stash OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. To keep track, place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it. You can also cut out each item, place them in a bag and pull words from the bag.


  1. A8:2013-Cross-Site Request Forgery (CSRF)
  2. A5:2013-Security Misconfiguration
  3. A1:2013-Injection
  4. C7:2018-Enforce Access Controls
  5. A2:2013-Broken Authentication and Session Management
  6. A6:2017-Security Misconfiguration
  7. A4:2013-Insecure Direct Object References
  8. C3:2018-Secure Database Access
  9. A1:2017-Injection
  10. C9:2018-Implement Security Logging and Monitoring
  11. A7:2017-Cross-Site Scripting (XSS)
  12. A5:2017-Broken Access Control
  13. C1:2018-Define Security Requirements
  14. A7:2013-Missing Function Level Access Control
  15. A4:2017-XML External Entities (XXE)
  16. A8:2017-Insecure Deserialization
  17. C4:2018-Encode and Escape Data
  18. C2:2018-Leverage Security Frameworks and Libraries
  19. A9:2017-Using Components with Known Vulnerabilities
  20. C6:2018-Implement Digital Identity
  21. C5:2018-Validate All Inputs
  22. A3:2017-Sensitive Data Exposure
  23. A10:2013-Unvalidated Redirects and Forwards
  24. A6:2013-Sensitive Data Exposure
  25. A10:2017-Insufficient Logging & Monitoring
  26. C8:2018-Protect Data Everywhere
  27. A2:2017-Broken Authentication
  28. A3:2013-Cross-Site Scripting (XSS)
  29. C10:2018-Handle all Errors and Exceptions
  30. A9:2013-Using Components with Known Vulnerabilities