
API OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. To keep track, place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it. You can also cut out each item, place them in a bag and pull words from the bag.


  1. A8:2017-Insecure Deserialization
  2. C3:2018-Secure Database Access
  3. API6:2023 - Unrestricted Access to Sensitive Business Flows
  4. A6:2013-Sensitive Data Exposure
  5. A1:2017-Injection
  6. API3:2023 - Broken Object Property Level Authorization
  7. A9:2013-Using Components with Known Vulnerabilities
  8. API9:2023 - Improper Inventory Management
  9. A7:2013-Missing Function Level Access Control
  10. A7:2017-Cross-Site Scripting (XSS)
  11. A10:2017-Insufficient Logging & Monitoring
  12. API8:2023 - Security Misconfiguration
  13. API2:2023 - Broken Authentication
  14. A4:2013-Insecure Direct Object References
  15. C4:2018-Encode and Escape Data
  16. A5:2017-Broken Access Control
  17. A3:2017-Sensitive Data Exposure
  18. A2:2017-Broken Authentication
  19. API4:2023 - Unrestricted Resource Consumption
  20. C1:2018-Define Security Requirements
  21. A9:2017-Using Components with Known Vulnerabilities
  22. API6:2023 - Unrestricted Access to Sensitive Business Flows
  23. A4:2017-XML External Entities (XXE)
  24. API5:2023 - Broken Function Level Authorization
  25. A10:2013-Unvalidated Redirects and Forwards
  26. A1:2013-Injection
  27. A8:2013-Cross-Site Request Forgery (CSRF)
  28. A5:2013-Security Misconfiguration
  29. C2:2018-Leverage Security Frameworks and Libraries
  30. A3:2013-Cross-Site Scripting (XSS)
  31. API10:2023 - Unsafe Consumption of APIs
  32. A6:2017-Security Misconfiguration
  33. A2:2013-Broken Authentication and Session Management
  34. API1:2023 - Broken Object Level Authorization