Missing security headers (CSP, HSTS, etc.) Lack of rate limiting on APIs Outdated dependency with known CVEs No input validation on user input “It works on my machine” response to security concerns Merging code with critical security issues Logging sensitive data in plaintext "We don’t have time for security" excuse Default passwords still in use Open source library without a security review Disabled MFA on an admin account Lack of RBAC (everyone is an admin) Hardcoded credentials in source code Unencrypted database storage for PII Exposing sensitive environment variables in logs No logging or monitoring for security events Unpatched critical vulnerability in production Using eval() in production code Public S3 bucket with sensitive data Developers sharing passwords via Slack/email SQL query without parameterized inputs Ignoring security warnings in dependency scans API key exposed in a public repository No security testing in CI/CD pipeline Missing security headers (CSP, HSTS, etc.) Lack of rate limiting on APIs Outdated dependency with known CVEs No input validation on user input “It works on my machine” response to security concerns Merging code with critical security issues Logging sensitive data in plaintext "We don’t have time for security" excuse Default passwords still in use Open source library without a security review Disabled MFA on an admin account Lack of RBAC (everyone is an admin) Hardcoded credentials in source code Unencrypted database storage for PII Exposing sensitive environment variables in logs No logging or monitoring for security events Unpatched critical vulnerability in production Using eval() in production code Public S3 bucket with sensitive data Developers sharing passwords via Slack/email SQL query without parameterized inputs Ignoring security warnings in dependency scans API key exposed in a public repository No security testing in CI/CD pipeline
(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.
Missing security headers (CSP, HSTS, etc.)
Lack of rate limiting on APIs
Outdated dependency with known CVEs
No input validation on user input
“It works on my machine” response to security concerns
Merging code with critical security issues
Logging sensitive data in plaintext
"We don’t have time for security" excuse
Default passwords still in use
Open source library without a security review
Disabled MFA on an admin account
Lack of RBAC (everyone is an admin)
Hardcoded credentials in source code
Unencrypted database storage for PII
Exposing sensitive environment variables in logs
No logging or monitoring for security events
Unpatched critical vulnerability in production
Using eval() in production code
Public S3 bucket with sensitive data
Developers sharing passwords via Slack/email
SQL query without parameterized inputs
Ignoring security warnings in dependency scans
API key exposed in a public repository
No security testing in CI/CD pipeline