
API OWASP Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. To keep track, place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it. You can also cut out each item, place the items in a bag, and pull them from the bag.


  1. A5:2013-Security Misconfiguration
  2. A6:2017-Security Misconfiguration
  3. A6:2013-Sensitive Data Exposure
  4. C1:2018-Define Security Requirements
  5. C3:2018-Secure Database Access
  6. API3:2023 - Broken Object Property Level Authorization
  7. A10:2013-Unvalidated Redirects and Forwards
  8. A1:2013-Injection
  9. A3:2017-Sensitive Data Exposure
  10. A7:2013-Missing Function Level Access Control
  11. A10:2017-Insufficient Logging & Monitoring
  12. API1:2023 - Broken Object Level Authorization
  13. A2:2013-Broken Authentication and Session Management
  14. A5:2017-Broken Access Control
  15. A4:2017-XML External Entities (XXE)
  16. C2:2018-Leverage Security Frameworks and Libraries
  17. API5:2023 - Broken Function Level Authorization
  18. A8:2013-Cross-Site Request Forgery (CSRF)
  19. C4:2018-Encode and Escape Data
  20. A8:2017-Insecure Deserialization
  21. API4:2023 - Unrestricted Resource Consumption
  22. A2:2017-Broken Authentication
  23. API9:2023 - Improper Inventory Management
  24. A4:2013-Insecure Direct Object References
  25. A1:2017-Injection
  26. API6:2023 - Unrestricted Access to Sensitive Business Flows
  27. API8:2023 - Security Misconfiguration
  28. A9:2013-Using Components with Known Vulnerabilities
  29. API2:2023 - Broken Authentication
  30. A9:2017-Using Components with Known Vulnerabilities
  31. A7:2017-Cross-Site Scripting (XSS)
  32. API6:2023 - Unrestricted Access to Sensitive Business Flows
  33. A3:2013-Cross-Site Scripting (XSS)
  34. API10:2023 - Unsafe Consumption of APIs