Free Delivery on orders above $50 for our US and Europe customers

  • Hands-on Security

    Addressing security through physical games

  • Worldwide Shipping

    Breaking through barriers for customers everywhere

  • Fully Custom Games

    For your unique cybersecurity challenges

  • Talk to us!

    We are real people with relevant experience
1 2

OWASP® Cornucopia 2.0 Website App Edition - Threat Modeling Cards

£21.60

Outcome

Identify security work that needs doing earlier in the project lifecycle. Defuse difficult relationships. Build trust. Bring teams together in peace and harmony.

Made by Agile Stationery

Experts in delivering the right kind of conversations. Slick cards in robust boxes. The best there is outside the casinos.

OWASP® Cornucopia 2.0 is an updated threat modeling tool in the form of a card game designed to help software development teams identify security requirements in Agile, conventional, and formal development processes.

The deck contains 80 tarot-style cards, each representing a common error or anti-pattern based on data from OWASP experts, that allows systems to be vulnerable to attack . The cards are divided into six suits: Data Validation and Encoding, Authentication, Session Management, Authorization, Cryptography, and a catch-all "Cornucopia" suit.

This tool is accessible to all skill levels, from beginners to security experts, and aligns with widely-recognized standards such as OWASP ASVS, MASVS, MASTG, SAFECode, SCP, and CAPEC. This version contains the updated OWASP ASVS Mapping, aligned with ASVS v4.0.

Also available in a mobile edition!

OWASP is a registered trademark of the OWASP Foundation.

How to play?

  • Set the stage

    Before dealing, sketch a simple diagram of the system on a whiteboard, paper, or digital tool, just enough to show key components and data flows.

  • Deal the cards

    Shuffle the deck and deal all the cards to 3-6 players. Each player organizes their hand by suit (but no peeking at your neighbour’s cards!).

  • Let the game begin

    Decide which player starts. The player who starts reads their card and explains how the threat could affect the system.

  • Winning

    Players take turns with the threats in that suit, with the highest card winning the round. The winner leads the next
    round until all cards are played.

Hybrid teams? No problem

Play our threat modeling games remotely
with the power of physical cards!

Croupier

  • Hands-on Security

    Addressing security through physical games

  • Worldwide Shipping

    Breaking through barriers for customers everywhere

  • Fully Custom Games

    For your unique cybersecurity challenges

  • Talk to us!

    We are real people with relevant experience
Back to top