Cornucopia update 09 Jun 2024


Colin Watson

Jun 9, 2024, 11:38:20 AM
to Cornucopia Project
List/Group members

We wanted you to be the first to be notified of some project news, before it is announced more widely. OWASP Cornucopia provides a set of cards designed to gamify application threat modeling activities, is free to use, and is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. Following a very large amount of work by many project volunteers, two new versions of Cornucopia have been released.

https://github.com/OWASP/cornucopia/releases/tag/v2.0.0

Firstly, the former "Cornucopia - Ecommerce Website Edition" is now called "Cornucopia - Website App Edition". This edition was originally created in August 2012, released as v1.0 in February 2013 and has previously undergone a number of minor updates/releases in the following ten years. This has been substantially updated in today's release of v2.0, in which the most noticeable change has been to update the OWASP ASVS mapping from ASVS v3.0 to v4.0. Further work on the data and code to generate the files for the cards themselves, the cases and folded leaflet and the legacy guide document has been undertaken, and this code also generates cards/cases/leaflets in two physical sizes. The smaller is often referred to as "bridge-sized cards" and the larger as "Tarot-sized cards". All these v2.0 files are immediately available in six languages (EN, ES, FR, NL, NO-NB and PT-BR) due to efforts of past and current volunteers.

A pair of front and back card images from the large and small-sized Cornucopia Website App Edition v2.0 ES and NL decks

Secondly, as a result of other significant effort, primarily by volunteers Johan Sydseter and Xavier Godard, there is now a completely new edition for threat modelling mobile apps. This "Cornucopia - Mobile App Edition" is released as v1.0 and is mapped to the OWASP Mobile Application Security Verification Standard (MASVS v2.0) and OWASP Mobile Application Security Testing Guide (MASTG) v1.7, being available initially in one language (EN) and in the two physical sizes. Like the original, this completely new edition of Cornucopia also has six suits of 13 cards plus two jokers, with the suit names drawn from MASVS: Platform & Code (PC), Authentication & Authorization (AA), Network & Storage (NS), Resilience (RS), Cryptography (CRM) and Cornucopia (COM).

A pair of front and back card images from the large and small-size Cornucopia Mobile App Edition v1.0 EN decks

Both releases also have newly updated case designs in each size.

Mock up images of the new case designs for large-sized Cornucopia Website App Edition cards and small-sized Cornucopia Mobile App Edition cards

We thank everyone who has contributed to OWASP Cornucopia over the years, without whom these latest releases would not have been possible. They are named on the project website.

https://owasp.org/www-project-cornucopia/#div-acknowledgements

Later this month OWASP Cornucopia is taking part in the project showcase track at OWASP Global AppSec Lisbon 2024.

https://owaspglobalappseclisbon2024.sched.com/event/83f2aca8fa276b458eb714cb3a8ad5e5


Colin, Grant and Johan
OWASP Cornucopia Project Leaders

Project Page: https://owasp.org/www-project-cornucopia/
Google Group: https://groups.google.com/a/owasp.org/g/cornucopia-project