
API OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag, and pull items from the bag.


  1. API6:2023 - Unrestricted Access to Sensitive Business Flows
  2. A5:2017-Broken Access Control
  3. API10:2023 - Unsafe Consumption of APIs
  4. C3:2018-Secure Database Access
  5. API5:2023 - Broken Function Level Authorization
  6. A3:2013-Cross-Site Scripting (XSS)
  7. API1:2023 - Broken Object Level Authorization
  8. API9:2023 - Improper Inventory Management
  9. A1:2013-Injection
  10. API4:2023 - Unrestricted Resource Consumption
  11. A1:2017-Injection
  12. C4:2018-Encode and Escape Data
  13. A4:2013-Insecure Direct Object References
  14. A9:2017-Using Components with Known Vulnerabilities
  15. A7:2017-Cross-Site Scripting (XSS)
  16. A2:2013-Broken Authentication and Session Management
  17. API3:2023 - Broken Object Property Level Authorization
  18. API2:2023 - Broken Authentication
  19. A10:2013-Unvalidated Redirects and Forwards
  20. A2:2017-Broken Authentication
  21. A6:2013-Sensitive Data Exposure
  22. A4:2017-XML External Entities (XXE)
  23. API8:2023 - Security Misconfiguration
  24. A5:2013-Security Misconfiguration
  25. A9:2013-Using Components with Known Vulnerabilities
  26. A3:2017-Sensitive Data Exposure
  27. A8:2017-Insecure Deserialization
  28. A8:2013-Cross-Site Request Forgery (CSRF)
  29. A6:2017-Security Misconfiguration
  30. C1:2018-Define Security Requirements
  31. A10:2017-Insufficient Logging & Monitoring
  32. API6:2023 - Unrestricted Access to Sensitive Business Flows
  33. A7:2013-Missing Function Level Access Control
  34. C2:2018-Leverage Security Frameworks and Libraries