
Stash OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place the items in a bag and pull them out one at a time.


  1. C8:2018-Protect Data Everywhere
  2. A4:2013-Insecure Direct Object References
  3. A7:2017-Cross-Site Scripting (XSS)
  4. C4:2018-Encode and Escape Data
  5. A10:2013-Unvalidated Redirects and Forwards
  6. A5:2017-Broken Access Control
  7. C5:2018-Validate All Inputs
  8. A6:2017-Security Misconfiguration
  9. A8:2017-Insecure Deserialization
  10. A7:2013-Missing Function Level Access Control
  11. C7:2018-Enforce Access Controls
  12. A5:2013-Security Misconfiguration
  13. A3:2013-Cross-Site Scripting (XSS)
  14. C3:2018-Secure Database Access
  15. A9:2017-Using Components with Known Vulnerabilities
  16. C9:2018-Implement Security Logging and Monitoring
  17. C10:2018-Handle all Errors and Exceptions
  18. A9:2013-Using Components with Known Vulnerabilities
  19. A1:2013-Injection
  20. A10:2017-Insufficient Logging & Monitoring
  21. A4:2017-XML External Entities (XXE)
  22. C1:2018-Define Security Requirements
  23. A3:2017-Sensitive Data Exposure
  24. C2:2018-Leverage Security Frameworks and Libraries
  25. C6:2018-Implement Digital Identity
  26. A1:2017-Injection
  27. A2:2013-Broken Authentication and Session Management
  28. A6:2013-Sensitive Data Exposure
  29. A2:2017-Broken Authentication
  30. A8:2013-Cross-Site Request Forgery (CSRF)