C1:2018- Define Security Requirements A7:2017- Cross-Site Scripting (XSS) A10:2017- Insufficient Logging & Monitoring A8:2017- Insecure Deserialization API10:2023 - Unsafe Consumption of APIs C2:2018- Leverage Security Frameworks and Libraries A7:2013- Missing Function Level Access Control A9:2013- Using Components with Known Vulnerabilities A1:2017- Injection API1:2023 - Broken Object Level Authorization API5:2023 - Broken Function Level Authorization A4:2013- Insecure Direct Object References API8:2023 - Security Misconfiguration A8:2013- Cross-Site Request Forgery (CSRF) A2:2017- Broken Authentication A1:2013- Injection A6:2017- Security Misconfiguration A3:2013- Cross-Site Scripting (XSS) API3:2023 - Broken Object Property Level Authorization A4:2017- XML External Entities (XXE) A3:2017- Sensitive Data Exposure API6:2023 - Unrestricted Access to Sensitive Business Flows A2:2013- Broken Authentication and Session Management API2:2023 - Broken Authentication A9:2017- Using Components with Known Vulnerabilities A5:2013- Security Misconfiguration API4:2023 - Unrestricted Resource Consumption C4:2018- Encode and Escape Data A6:2013- Sensitive Data Exposure A5:2017- Broken Access Control A10:2013- Unvalidated Redirects and Forwards C3:2018- Secure Database Access API9:2023 - Improper Inventory Management API6:2023 - Unrestricted Access to Sensitive Business Flows C1:2018- Define Security Requirements A7:2017- Cross-Site Scripting (XSS) A10:2017- Insufficient Logging & Monitoring A8:2017- Insecure Deserialization API10:2023 - Unsafe Consumption of APIs C2:2018- Leverage Security Frameworks and Libraries A7:2013- Missing Function Level Access Control A9:2013- Using Components with Known Vulnerabilities A1:2017- Injection API1:2023 - Broken Object Level Authorization API5:2023 - Broken Function Level Authorization A4:2013- Insecure Direct Object References API8:2023 - Security Misconfiguration A8:2013- Cross-Site Request Forgery (CSRF) A2:2017- Broken Authentication A1:2013- Injection A6:2017- Security Misconfiguration A3:2013- Cross-Site Scripting (XSS) API3:2023 - Broken Object Property Level Authorization A4:2017- XML External Entities (XXE) A3:2017- Sensitive Data Exposure API6:2023 - Unrestricted Access to Sensitive Business Flows A2:2013- Broken Authentication and Session Management API2:2023 - Broken Authentication A9:2017- Using Components with Known Vulnerabilities A5:2013- Security Misconfiguration API4:2023 - Unrestricted Resource Consumption C4:2018- Encode and Escape Data A6:2013- Sensitive Data Exposure A5:2017- Broken Access Control A10:2013- Unvalidated Redirects and Forwards C3:2018- Secure Database Access API9:2023 - Improper Inventory Management API6:2023 - Unrestricted Access to Sensitive Business Flows
(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.
C1:2018-Define Security Requirements
A7:2017-Cross-Site Scripting (XSS)
A10:2017-Insufficient Logging & Monitoring
A8:2017-Insecure Deserialization
API10:2023 - Unsafe Consumption of APIs
C2:2018-Leverage Security Frameworks and Libraries
A7:2013-Missing Function Level Access Control
A9:2013-Using Components with Known Vulnerabilities
A1:2017-Injection
API1:2023 - Broken Object Level Authorization
API5:2023 - Broken Function Level Authorization
A4:2013-Insecure Direct Object References
API8:2023 - Security Misconfiguration
A8:2013-Cross-Site Request Forgery (CSRF)
A2:2017-Broken Authentication
A1:2013-Injection
A6:2017-Security Misconfiguration
A3:2013-Cross-Site Scripting (XSS)
API3:2023 - Broken Object Property Level Authorization
A4:2017-XML External Entities (XXE)
A3:2017-Sensitive Data Exposure
API6:2023 - Unrestricted Access to Sensitive Business Flows
A2:2013-Broken Authentication and Session Management
API2:2023 - Broken Authentication
A9:2017-Using Components with Known Vulnerabilities
A5:2013-Security Misconfiguration
API4:2023 - Unrestricted Resource Consumption
C4:2018-Encode and Escape Data
A6:2013-Sensitive Data Exposure
A5:2017-Broken Access Control
A10:2013-Unvalidated Redirects and Forwards
C3:2018-Secure Database Access
API9:2023 - Improper Inventory Management
API6:2023 - Unrestricted Access to Sensitive Business Flows