
Stash OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. To keep track, place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it. You can also cut out each item, place them in a bag, and pull items from the bag.


  1. A4:2017-XML External Entities (XXE)
  2. A1:2013-Injection
  3. A4:2013-Insecure Direct Object References
  4. C6:2018-Implement Digital Identity
  5. C10:2018-Handle all Errors and Exceptions
  6. A5:2013-Security Misconfiguration
  7. A6:2017-Security Misconfiguration
  8. C8:2018-Protect Data Everywhere
  9. A9:2013-Using Components with Known Vulnerabilities
  10. A1:2017-Injection
  11. C9:2018-Implement Security Logging and Monitoring
  12. C1:2018-Define Security Requirements
  13. C5:2018-Validate All Inputs
  14. A7:2013-Missing Function Level Access Control
  15. A2:2017-Broken Authentication
  16. A10:2017-Insufficient Logging & Monitoring
  17. A2:2013-Broken Authentication and Session Management
  18. C2:2018-Leverage Security Frameworks and Libraries
  19. A8:2017-Insecure Deserialization
  20. A9:2017-Using Components with Known Vulnerabilities
  21. C3:2018-Secure Database Access
  22. C7:2018-Enforce Access Controls
  23. A10:2013-Unvalidated Redirects and Forwards
  24. A5:2017-Broken Access Control
  25. A8:2013-Cross-Site Request Forgery (CSRF)
  26. A6:2013-Sensitive Data Exposure
  27. A3:2017-Sensitive Data Exposure
  28. A3:2013-Cross-Site Scripting (XSS)
  29. C4:2018-Encode and Escape Data
  30. A7:2017-Cross-Site Scripting (XSS)