
Stash OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. To keep track, place a mark (an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it. You can also cut out each item, place them in a bag and pull words from the bag.


  1. A10:2013-Unvalidated Redirects and Forwards
  2. A2:2013-Broken Authentication and Session Management
  3. A4:2017-XML External Entities (XXE)
  4. A6:2017-Security Misconfiguration
  5. A4:2013-Insecure Direct Object References
  6. C10:2018-Handle all Errors and Exceptions
  7. C2:2018-Leverage Security Frameworks and Libraries
  8. A3:2013-Cross-Site Scripting (XSS)
  9. C3:2018-Secure Database Access
  10. A1:2017-Injection
  11. C8:2018-Protect Data Everywhere
  12. A8:2013-Cross-Site Request Forgery (CSRF)
  13. C5:2018-Validate All Inputs
  14. A1:2013-Injection
  15. A7:2013-Missing Function Level Access Control
  16. A5:2013-Security Misconfiguration
  17. C7:2018-Enforce Access Controls
  18. A10:2017-Insufficient Logging & Monitoring
  19. A9:2013-Using Components with Known Vulnerabilities
  20. A5:2017-Broken Access Control
  21. A6:2013-Sensitive Data Exposure
  22. A9:2017-Using Components with Known Vulnerabilities
  23. A3:2017-Sensitive Data Exposure
  24. C1:2018-Define Security Requirements
  25. A2:2017-Broken Authentication
  26. A8:2017-Insecure Deserialization
  27. A7:2017-Cross-Site Scripting (XSS)
  28. C4:2018-Encode and Escape Data
  29. C9:2018-Implement Security Logging and Monitoring
  30. C6:2018-Implement Digital Identity