The 25th Anniversary Edition of OWASP Cornucopia

[johan sydseter]

The OWASP Foundation is celebrating 25 incredible years of open source security. That’s why OWASP Cornucopia is launching its 25th anniversary edition.

Again!! You may ask, but this time we have accumulated 25 years knowledge and wisdom distilled onto 158 playing cards. Using these cards, you will be able to do threat modeling of agentic AI, cloud, DevOps, frontend, LLM, automation, and web applications, all at the same time! Read all about it here: https://dev.to/owasp/introducing-a-owasp-game-for-threat-modeling-agentic-ai-cloud-devops-frontend-llm-automation-5984

Decks can be ordered here: https://cybersecgames.com/pages/owasp-cornucopia-threat-modeling-collection

We want to thank everyone who has made this possible. Especially, we want to thank

Adrian Sroka, for bringing us the Agentic AI, Cloud, and Frontend suits for the new game and creating online pages and mapping his threats to OWASP ASVS, Top 10, AISVS, AITG, Top 10 Agentic Apps, and Top 10 for LLM, Mitre Atlas, and STRIDE.

Mateusz Hubala, for bringing us the DevOps suit for the game and creating online pages and mapping his threats to OWASP SAMM and DSOMM, CAPEC, and STRIDE.

Moritz Krause & Torben Neumann, for bringing us the LLM suit for the game and mapping their threats to OWASP AISVS, AITG, Top 10 for LLM, Mitre Atlas, CWE, and STRIDE.

Colin Watson for bringing us the Automated Threats suits and mapping his threats to OWASP Automated Threats to Web Applications.

We also want to especially thank Ayman Algamal, Adarsh kumar, Abhijit Sahoo, and Mradul Tiwari for helping develop the game, now available at copi.owasp.org, and for creating the help pages at cornucopia.owasp.org.

And we want to thank all project leaders and contributors to the OWASP projects that have provided valuable input and guidance on the OWASP Top 10, OWASP AISVS, and the OWASP GenAI Security project. We also want to thank the people and contributors to Mitre's Common Attack Pattern Enumeration and Classification (CAPEC™) and Mitre Atlas™, and the Cloud Security Alliance for the use of the Cloud Controls Matrix, which are all used in the cross-references provided.

In addition, we want to thank Anand kushwaha, Mahaboobunnisa[Shabnam] for helping with the release of v3.0.0 and CyberSec Games for all the help and support with the printing and distribution of the 25th anniversary edition.

Linkedin: https://www.linkedin.com/posts/sydseter_appsec-security-owasp-share-7459414049525706752-UGkJ
Bluesky: https://bsky.app/profile/sydseter.com/post/3mlk5acpyt22r
Mastodon: https://mastodon.social/@sydseter/116553398615879915

[Colin Watson]

Well done to everyone involved with these releases, including the new deck. These build on the work of all prior project contributors, including those organisations who contributed designs, code and text copy. Thanks to everyone.

Special thanks to Johan for coming up with the idea for the Companion Deck a year ago (https://github.com/OWASP/cornucopia/issues/1259) and for leading its development, implementation and release. There will also be coverage at AppSec EU 2026 in Vienna.

Colin

--
You received this message because you are subscribed to the Google Groups "Cornucopia Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cornucopia-proj...@owasp.org.
To view this discussion visit https://groups.google.com/a/owasp.org/d/msgid/cornucopia-project/CAN5K%3DK%2B61mm%2BeKeNSJr9JWk5mUpUNq0ZrvT%3DkCqtaHXLP1%2BuNQ%40mail.gmail.com.