
OWASP® Cornucopia 2.0 Website App Edition - Threat Modeling Cards

£18.00

Description

OWASP® Cornucopia 2.0 is an updated threat modeling tool in the form of a card game designed to help software development teams identify security requirements in Agile, conventional, and formal development processes.

The deck contains 80 tarot-style cards, each representing a common error or anti-pattern, based on data from OWASP experts, that leaves systems vulnerable to attack. The cards are divided into six suits: Data Validation and Encoding, Authentication, Session Management, Authorization, Cryptography, and a catch-all "Cornucopia" suit.

This tool is accessible to all skill levels, from beginners to security experts, and aligns with widely-recognized standards such as OWASP ASVS, MASVS, MASTG, SAFECode, SCP, and CAPEC. This version contains the updated OWASP ASVS Mapping, aligned with ASVS v4.0.

Also available in a mobile edition!

OWASP is a registered trademark of the OWASP Foundation.

Bulk Pricing

Automatically applied at checkout:

  • 5 or more decks: 10% off
  • 10 or more decks: 15% off
  • 20 or more decks: 20% off
  • 30 or more decks: 30% off

Outcome

Identify work that needs doing earlier in the project lifecycle. Defuse difficult relationships. Build trust. Bring teams together in peace and harmony.

Made by Agile Stationery

Experts in delivering the right kind of conversations. Slick cards in robust boxes. The best there is outside the casinos.

Specifications

  • Suits
    Data Validation and Encoding, Authentication, Session Management, Authorization, Cryptography, Cornucopia
  • # Cards
    80
  • Created by
    Colin Watson

Try a branded version

If you'd like to encourage the use of this technique within your team or organisation, a branded deck is a great way to demonstrate your support and commitment to the process.

How to play?

  • Set the stage

    Before dealing, sketch a simple diagram of the system on a whiteboard, paper, or digital tool, just enough to show key components and data flows.

  • Deal the cards

    Shuffle the deck and deal all the cards to 3-6 players. Use Croupier to deal out cards to remote players.

  • Let the game begin

    Decide which player starts. The player who starts reads their card and explains how the threat could affect the system.

  • Winning

    Players take turns with the threats in that suit, with the highest card winning the round. The winner leads the next round until all cards are played.

Hybrid teams? No problem

Play our threat modeling games remotely with the power of physical cards!