
API OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it to keep track. You can also cut out each item, place the items in a bag, and pull them from the bag.


  1. C3:2018-Secure Database Access
  2. API5:2023 - Broken Function Level Authorization
  3. A10:2013-Unvalidated Redirects and Forwards
  4. API10:2023 - Unsafe Consumption of APIs
  5. API2:2023 - Broken Authentication
  6. API6:2023 - Unrestricted Access to Sensitive Business Flows
  7. A3:2017-Sensitive Data Exposure
  8. API4:2023 - Unrestricted Resource Consumption
  9. A9:2017-Using Components with Known Vulnerabilities
  10. A7:2013-Missing Function Level Access Control
  11. A5:2017-Broken Access Control
  12. A2:2017-Broken Authentication
  13. A4:2013-Insecure Direct Object References
  14. API9:2023 - Improper Inventory Management
  15. A1:2013-Injection
  16. A1:2017-Injection
  17. A6:2013-Sensitive Data Exposure
  18. A5:2013-Security Misconfiguration
  19. A8:2013-Cross-Site Request Forgery (CSRF)
  20. API3:2023 - Broken Object Property Level Authorization
  21. C1:2018-Define Security Requirements
  22. API1:2023 - Broken Object Level Authorization
  23. A10:2017-Insufficient Logging & Monitoring
  24. C4:2018-Encode and Escape Data
  25. A9:2013-Using Components with Known Vulnerabilities
  26. A7:2017-Cross-Site Scripting (XSS)
  27. API6:2023 - Unrestricted Access to Sensitive Business Flows
  28. A3:2013-Cross-Site Scripting (XSS)
  29. A8:2017-Insecure Deserialization
  30. C2:2018-Leverage Security Frameworks and Libraries
  31. API8:2023 - Security Misconfiguration
  32. A4:2017-XML External Entities (XXE)
  33. A6:2017-Security Misconfiguration
  34. A2:2013-Broken Authentication and Session Management