
Stash OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place a mark (an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place the items in a bag, and pull them from the bag.


  1. C6:2018-Implement Digital Identity
  2. A9:2017-Using Components with Known Vulnerabilities
  3. C10:2018-Handle all Errors and Exceptions
  4. A2:2013-Broken Authentication and Session Management
  5. C1:2018-Define Security Requirements
  6. A8:2013-Cross-Site Request Forgery (CSRF)
  7. C9:2018-Implement Security Logging and Monitoring
  8. A4:2017-XML External Entities (XXE)
  9. A2:2017-Broken Authentication
  10. A5:2013-Security Misconfiguration
  11. A7:2013-Missing Function Level Access Control
  12. C4:2018-Encode and Escape Data
  13. C5:2018-Validate All Inputs
  14. A1:2017-Injection
  15. A1:2013-Injection
  16. C3:2018-Secure Database Access
  17. A7:2017-Cross-Site Scripting (XSS)
  18. A9:2013-Using Components with Known Vulnerabilities
  19. A6:2017-Security Misconfiguration
  20. A3:2017-Sensitive Data Exposure
  21. A3:2013-Cross-Site Scripting (XSS)
  22. A5:2017-Broken Access Control
  23. A6:2013-Sensitive Data Exposure
  24. A10:2017-Insufficient Logging & Monitoring
  25. C7:2018-Enforce Access Controls
  26. A10:2013-Unvalidated Redirects and Forwards
  27. A8:2017-Insecure Deserialization
  28. C8:2018-Protect Data Everywhere
  29. A4:2013-Insecure Direct Object References
  30. C2:2018-Leverage Security Frameworks and Libraries