Proposal from DotNetlabs - All feedback is more than welcome


Johan Sydseter

Jun 13, 2024, 1:00:19 PM
to cornucopi...@owasp.org, johan sydseter

Hi all Cornucopia contributors, supporters and players. 

A proposal was posted to Slack today by Jef Meijvis, Unit director for cybersecurity at Dotnetlab.

We are reposting the message here since he was curious to hear what all of you think about it.


Brilliant ideas, comments and suggestions are more than welcome.


Kind regards

 

Colin, Grant and Johan

OWASP Cornucopia project leaders



—————————


Hi all,


Ive Verstappen & myself from dotNET lab had a lovely chat the other day with @starr brown & @Jason C. McDonald.

A couple of things came up:


1. We have created an online reference for the previous version of the deck over at https://cornucopia.dotnetlab.eu/.

Originally this was just as an aid for our own developers playing Cornucopia.

It contains a card browser, but also makes the card mappings interactive by linking them to the respective projects.

We would love to donate this to the official Cornucopia project/repository, where we could help maintain and update it for the new mobile and web app deck.

Curious to hear what the rest of the Cornucopia team members think of this?


2. We are planning to add the V2 cards to our webshop.

Currently in discussion with our supplier partner for printing.

We want to donate part of the revenue of the sales of these decks to the OWASP Foundation.


3. We plan to print them in the official design with 2 (possible) modifications:

a) To suit our shipping partner we need to add a unique product barcode on one side of the box. (e.g. OWASP-CORNUCOPIA-WEBAPP-V2)

This is purely for them to handle the card decks during the shipping process.

b) On our current printed decks over at https://webshop.dotnetlab.eu/product/cornucopia-card-deck/ we included a QR code which links to the online reference.

By doing this we felt we were able to keep the card size small enough, and provide additional information through the website behind the QR code.

Is there any interest for doing this again, but then for the updated versions?


4. We could work with discount codes in the webshop for OWASP members or to hand out at OWASP events.

Open to all suggestions on these!



--
Best regards / Vennlig hilsen

Johan Sydseter
Tel: 0047 45 45 36 30

Xavier Godard

Jun 14, 2024, 5:30:57 AM
to Johan Sydseter, cornucopi...@owasp.org, johan sydseter
Hi Johan, 

A lot of great ideas here. It's great to build up a close partnership with them. That's very nice of them to share their website with us. However, I think it may be better to have everything under the same website in terms of user experience. UIs of both websites are very different so it could feel weird for users to switch from one website to another.
Do we want to try to find a way to unify / use both websites? Or do we agree to have two different websites used by different communities of players?
 
  • About point 1: Copi will do that soon. Toby is working on this. We don't have a feature like "card mappings interactive by linking them to the respective projects." However, this could be an interesting feature to add to Copi.
  • About point 3 b: Are we still planning to do that for our own deck? This will be possible once Toby has created an endpoint for each card on Copi though.

It could be interesting to have a chat with them about the online version and see how we could work together? If that's the case could you please add Toby and me in the loop please.

Thanks,
Xavier

--
You received this message because you are subscribed to the Google Groups "Cornucopia Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cornucopia-proj...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/cornucopia-project/CAC27Lgdn%3DZd6_cOKDtrpLg7JqnmNH95Jt7KhLrh%2BQcY-z853oA%40mail.gmail.com.

Grant Ongers (OWASP)

Jun 14, 2024, 7:00:14 AM
to Xavier Godard, Johan Sydseter, cornucopi...@owasp.org, johan sydseter, Toby Irvine
Actually the CAPEC links used to be there on Copi - so we could definitely do those too. 
I think we lost them on the most recent pushes because the YAML file doesn't have them?



--

 
        https://twitter.com/rewtd
Grant Ongers
Co-Lead | OWASP Cornucopia Project
Co-Lead | OWASP OWASP PSCF
OWASP Compliance Officer
F164 738F 16BF FDBF F0B6 5720 C986 8AF7 5F41 97BE

Johan Sydseter

Jun 14, 2024, 8:26:50 AM
to Toby Irvine, Grant Ongers (OWASP), Xavier Godard, cornucopi...@owasp.org, johan sydseter
Toby and Xavier, you can have a look at what Jef has done here: Found the source: https://github.com/jefmeijvis/cornucopia.dotnetlab.eu/tree/master

He uses a system that reads yaml files and spits out js and html. It’s open source, but not licensed yet. Do you think this could give us a head start concerning what we are discussing?


Best regards Johan Sydseter


On 14 June 2024 at 14:05, Toby Irvine <to...@securedelivery.io> wrote:


My feeling is that any extra context/advice/links for cards should be in the core yaml for the decks. The printed decks can only use a subset due to physical limitations but then the additional, curated content can be used by any online representation, including Copi.

If there are already useful sources of content outside of the project, created by people willing to contribute it, that’s fantastic. We’ll be working this year to create the extra information for each card and having a good starting point will make that work easier.

Colin Watson

Jun 15, 2024, 4:54:58 AM
to Cornucopia Project
I agree with Toby's suggestion that all possible content should be in the yaml files. That makes the content more reusable by more people.

Looking at the dotnetlab online reference, I wonder what is different in that to the project's own wiki deck at https://wiki.owasp.org/index.php/Cornucopia_-_Ecommerce_Website_Edition_-_Wiki_Deck which was originally initiated by previous project leader Dario De Filippis, but has been added to and maintained by others.


I could help by adding the notes for each card to the EN yaml files if that would help other people, including dotnetlab, consume a single consistent set of source Cornucopia data.

Colin




Johan Sydseter

Jun 15, 2024, 10:08:50 AM
to Colin Watson, Cornucopia Project
Hi Colin, the only thing that has been added is the Cheat Sheet Series index and the potential attacks and associated information.
It’s of course possible to ensure both Copi and the Cornucopia website build from the same yaml source.

Although the content is very similar to the work on the wiki, the value is in having it finished, structured and ready to be published.

How this should be done is a detail that I am sure we can figure out together. What I think is important is to establish whether this content, in its current form, will add sufficient value to the project, or not.

We are a small community so perhaps we would be better off having an open mind about it. Jef seems more than capable of adding value to the project, and having a closer collaboration with them will, in my mind, increase the chance of getting us all pulling in the same direction.

Best regards Johan Sydseter


On 15 June 2024 at 10:55, Colin Watson <colin....@owasp.org> wrote:

I agree with Toby's suggestion that all possible content should be in the yaml files. That makes the content more reusable by more people.

Colin Watson

Jun 15, 2024, 11:08:44 AM
to Johan Sydseter, Cornucopia Project
Johan

Thanks for that information and thoughts. Yes, the more people involved and contributing, the better.

Colin


Johan Sydseter

Jun 15, 2024, 12:49:38 PM
to Colin Watson, Cornucopia Project, Toby Irvine
The same to you.

It’s really good that we get everyone’s opinion and thoughts out there and can discuss this. 

Best regards Johan Sydseter


On 15 June 2024 at 17:08, Colin Watson <colin....@owasp.org> wrote:

