
API OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. To keep track, place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it. You can also cut out each item, place the items in a bag, and pull them from the bag.


  1. C2:2018-Leverage Security Frameworks and Libraries
  2. A2:2017-Broken Authentication
  3. API6:2023 - Unrestricted Access to Sensitive Business Flows
  4. A9:2013-Using Components with Known Vulnerabilities
  5. A6:2013-Sensitive Data Exposure
  6. A8:2017-Insecure Deserialization
  7. A10:2017-Insufficient Logging & Monitoring
  8. A3:2013-Cross-Site Scripting (XSS)
  9. API9:2023 - Improper Inventory Management
  10. A8:2013-Cross-Site Request Forgery (CSRF)
  11. A5:2017-Broken Access Control
  12. A2:2013-Broken Authentication and Session Management
  13. API5:2023 - Broken Function Level Authorization
  14. A1:2013-Injection
  15. API1:2023 - Broken Object Level Authorization
  16. API3:2023 - Broken Object Property Level Authorization
  17. A7:2013-Missing Function Level Access Control
  18. API6:2023 - Unrestricted Access to Sensitive Business Flows
  19. API10:2023 - Unsafe Consumption of APIs
  20. C4:2018-Encode and Escape Data
  21. A4:2013-Insecure Direct Object References
  22. A9:2017-Using Components with Known Vulnerabilities
  23. A10:2013-Unvalidated Redirects and Forwards
  24. A6:2017-Security Misconfiguration
  25. A4:2017-XML External Entities (XXE)
  26. A3:2017-Sensitive Data Exposure
  27. C1:2018-Define Security Requirements
  28. API8:2023 - Security Misconfiguration
  29. A7:2017-Cross-Site Scripting (XSS)
  30. API2:2023 - Broken Authentication
  31. API4:2023 - Unrestricted Resource Consumption
  32. A1:2017-Injection
  33. A5:2013-Security Misconfiguration
  34. C3:2018-Secure Database Access