Free Delivery on orders above $50 for our US and Europe customers

OWASP Cumulus - Threat Modeling the Cloud

£19.20

Outcome

Identify security work that needs doing earlier in the project lifecycle. Defuse difficult relationships. Build trust. Bring teams together in peace and harmony.

Made by Agile Stationery

Experts in delivering the right kind of conversations. Slick cards in robust boxes. The best there is outside the casinos.

60 cards

OWASP Cumulus is a gamified approach to integrating security into cloud and DevOps teams. As a variant of the popular card game Elevation of Privilege by Adam Shostack, Cumulus enables teams to threat model DevOps systems.

Cumulus categorizes threats into five key areas, reflected as game suits:
• Access & Secrets
• Delivery
• Recovery
• Monitoring
• Resources

Developed and supported by TNG Technology Consulting, Cumulus helps DevOps teams enhance their security through collaboration and discussion and seamlessly integrates into agile development processes.

Threat model the Ops of DevOps!

How to play?

  • Set the stage

    Before dealing, sketch a simple diagram of the system on a whiteboard, paper, or digital tool, just enough to show key components and data flows.

  • Deal the cards

    Shuffle the deck and deal all the cards to 3-6 players. Each player organizes their hand by suit (but no peeking at your neighbour’s cards!).

  • Let the game begin

    Decide which player starts. The player who starts reads their card and explains how the threat could affect the system.

  • Winning

    Players take turns with the threats in that suit, with the highest card winning the round. The winner leads the next
    round until all cards are played.

Hybrid teams? No problem

Play our threat modeling games remotely
with the power of physical cards!

Croupier

  • Hands-on Security

    Addressing security through physical games

  • Worldwide Shipping

    Breaking through barriers for customers everywhere

  • Fully Custom Games

    For your unique cybersecurity challenges

  • Talk to us!

    We are real people with relevant experience
Back to top