
API OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. API6:2023 - Unrestricted Access to Sensitive Business Flows
  2. A4:2013-Insecure Direct Object References
  3. C3:2018-Secure Database Access
  4. A9:2017-Using Components with Known Vulnerabilities
  5. API3:2023 - Broken Object Property Level Authorization
  6. A5:2013-Security Misconfiguration
  7. API5:2023 - Broken Function Level Authorization
  8. A4:2017-XML External Entities (XXE)
  9. A10:2013-Unvalidated Redirects and Forwards
  10. API4:2023 - Unrestricted Resource Consumption
  11. A3:2017-Sensitive Data Exposure
  12. C1:2018-Define Security Requirements
  13. C2:2018-Leverage Security Frameworks and Libraries
  14. API10:2023 - Unsafe Consumption of APIs
  15. A2:2017-Broken Authentication
  16. C4:2018-Encode and Escape Data
  17. A1:2013-Injection
  18. A7:2013-Missing Function Level Access Control
  19. A6:2013-Sensitive Data Exposure
  20. A2:2013-Broken Authentication and Session Management
  21. A9:2013-Using Components with Known Vulnerabilities
  22. A1:2017-Injection
  23. A5:2017-Broken Access Control
  24. API2:2023 - Broken Authentication
  25. API1:2023 - Broken Object Level Authorization
  26. API6:2023 - Unrestricted Access to Sensitive Business Flows
  27. A8:2017-Insecure Deserialization
  28. A7:2017-Cross-Site Scripting (XSS)
  29. API9:2023 - Improper Inventory Management
  30. A10:2017-Insufficient Logging & Monitoring
  31. API8:2023 - Security Misconfiguration
  32. A3:2013-Cross-Site Scripting (XSS)
  33. A8:2013-Cross-Site Request Forgery (CSRF)
  34. A6:2017-Security Misconfiguration