
API OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. C2:2018-Leverage Security Frameworks and Libraries
  2. C4:2018-Encode and Escape Data
  3. API5:2023 - Broken Function Level Authorization
  4. C1:2018-Define Security Requirements
  5. A1:2017-Injection
  6. API8:2023 - Security Misconfiguration
  7. A8:2017-Insecure Deserialization
  8. API9:2023 - Improper Inventory Management
  9. C3:2018-Secure Database Access
  10. API3:2023 - Broken Object Property Level Authorization
  11. A7:2013-Missing Function Level Access Control
  12. A6:2013-Sensitive Data Exposure
  13. API1:2023 - Broken Object Level Authorization
  14. A1:2013-Injection
  15. API4:2023 - Unrestricted Resource Consumption
  16. A10:2017-Insufficient Logging & Monitoring
  17. API6:2023 - Unrestricted Access to Sensitive Business Flows
  18. A2:2013-Broken Authentication and Session Management
  19. A2:2017-Broken Authentication
  20. API10:2023 - Unsafe Consumption of APIs
  21. A9:2017-Using Components with Known Vulnerabilities
  22. A4:2013-Insecure Direct Object References
  23. A9:2013-Using Components with Known Vulnerabilities
  24. A7:2017-Cross-Site Scripting (XSS)
  25. A5:2017-Broken Access Control
  26. A8:2013-Cross-Site Request Forgery (CSRF)
  27. API2:2023 - Broken Authentication
  28. A3:2017-Sensitive Data Exposure
  29. A10:2013-Unvalidated Redirects and Forwards
  30. A3:2013-Cross-Site Scripting (XSS)
  31. API6:2023 - Unrestricted Access to Sensitive Business Flows
  32. A4:2017-XML External Entities (XXE)
  33. A6:2017-Security Misconfiguration
  34. A5:2013-Security Misconfiguration