Remove slash accidently added. Fixing card codes. Adjust font for Mobile App edition and Added qr codes for the bridge layout #659

Merged: 29 commits, merged Jul 8, 2024
Changes from 4 commits
Commits (29)
01ca67e
Need to remove the forward slash
sydseter Jul 5, 2024
0b8335d
remove forward slash
sydseter Jul 5, 2024
c836ebb
Correcting the card codes for the english translation
sydseter Jul 7, 2024
8a9b3ae
correcting the card codes for the 2.0 mapping.
sydseter Jul 7, 2024
d45782e
Add ids for the 1.22 version.
sydseter Jul 7, 2024
279a400
Update webapp-mappings-1.22.yaml
sydseter Jul 7, 2024
46c806c
update card codes for 1.22
sydseter Jul 7, 2024
a75906d
Update card codes for english 1.22 ver
sydseter Jul 7, 2024
f400f71
Update webapp-cards-2.00-es.yaml
sydseter Jul 7, 2024
da7866a
Update webapp-cards-2.00-es.yaml
sydseter Jul 7, 2024
abb52e2
Update webapp-cards-2.00-fr.yaml
sydseter Jul 7, 2024
e342ca4
Update webapp-cards-2.00-es.yaml
sydseter Jul 7, 2024
1708fb1
Update webapp-cards-1.22-en.yaml
sydseter Jul 7, 2024
9ecbd7e
Update webapp-cards-2.00-hu.yaml
sydseter Jul 7, 2024
2d3e8e3
Update webapp-cards-2.00-nl.yaml
sydseter Jul 7, 2024
302a990
Update webapp-cards-2.00-no_nb.yaml
sydseter Jul 7, 2024
290e0a4
Update webapp-cards-2.00-pt_br.yaml
sydseter Jul 7, 2024
83e890b
Update webapp-cards-1.22-es.yaml
sydseter Jul 7, 2024
b07111d
Update webapp-cards-1.22-fr.yaml
sydseter Jul 7, 2024
b61a72b
Update webapp-cards-1.22-nl.yaml
sydseter Jul 7, 2024
549f20e
Update webapp-cards-1.22-no_nb.yaml
sydseter Jul 7, 2024
f3bad5f
Update webapp-cards-1.22-pt_br.yaml
sydseter Jul 7, 2024
b785509
Leave the joker card code as is since that code won't lead to confusi…
sydseter Jul 7, 2024
a8ba6a7
Adding qr codes for website app edition for the bridge layout. Align …
sydseter Jul 8, 2024
72f1fb1
Adding 3mm bleed
sydseter Jul 8, 2024
6bca87c
generate all layouts
sydseter Jul 8, 2024
40eb0d3
Add non qr template as well to ensure both can be created
sydseter Jul 8, 2024
5552e03
Add generation of bridge_qr
sydseter Jul 8, 2024
3bc407c
Generate the guides for all languages.
sydseter Jul 8, 2024
2 changes: 1 addition & 1 deletion .github/workflows/pre-release.yml
Expand Up @@ -95,7 +95,7 @@
pipenv run python scripts/convert.py -l all -lt all -t all -v 2.00 -e webapp
pipenv run python scripts/convert.py -l en -lt all -t all -v 1.00 -e mobileapp
#
cp output/owasp_cornucopia_mobileapp_1.00_cards_bridge_en.idml output/owasp_cornucopia_mobileapp_1.00_cards_tarot_en.idml output/owasp_cornucopia_mobileapp_1.00_leaflet_bridge_en.idml output/owasp_cornucopia_mobileapp_1.00_leaflet_tarot_en.idml /output/cornucopia_mobileapp/
cp output/owasp_cornucopia_mobileapp_1.00_cards_bridge_en.idml output/owasp_cornucopia_mobileapp_1.00_cards_tarot_en.idml output/owasp_cornucopia_mobileapp_1.00_leaflet_bridge_en.idml output/owasp_cornucopia_mobileapp_1.00_leaflet_tarot_en.idml output/cornucopia_mobileapp/
zip -r output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_en.zip /output/cornucopia_mobileapp/Links/* /output/cornucopia_mobileapp/Fonts/* output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_cards_bridge_en.idml output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_cards_tarot_en.idml output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_leaflet_bridge_en.idml output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_leaflet_tarot_en.idml
cp output/owasp_cornucopia_webapp_1.22_cards_bridge_en.idml output/owasp_cornucopia_webapp_1.22_cards_tarot_en.idml output/owasp_cornucopia_webapp_1.22_guide_bridge_en.docx output/owasp_cornucopia_webapp_1.22_leaflet_bridge_en.idml output/cornucopia_webapp/
cp output/owasp_cornucopia_webapp_1.22_cards_bridge_es.idml output/owasp_cornucopia_webapp_1.22_cards_tarot_es.idml output/owasp_cornucopia_webapp_1.22_guide_bridge_es.docx output/owasp_cornucopia_webapp_1.22_leaflet_bridge_es.idml output/cornucopia_webapp/
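Review bot: the cp destination is fixed, but the zip line right below it still carries the same leading-slash mistake in `/output/cornucopia_mobileapp/Links/*` and `/output/cornucopia_mobileapp/Fonts/*`. Those globs point at the filesystem root, not the workspace, so the Links and Fonts directories will not be picked up from `output/cornucopia_mobileapp/` and the shipped zip will be missing them. Change both to `output/cornucopia_mobileapp/Links/*` and `output/cornucopia_mobileapp/Fonts/*` in the same commit, since it is the bug this PR title says it is fixing.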
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Expand Up @@ -112,7 +112,7 @@
pipenv run python scripts/convert.py -l all -lt all -t all -v 2.00 -e webapp
pipenv run python scripts/convert.py -l en -lt all -t all -v 1.00 -e mobileapp
#
cp output/owasp_cornucopia_mobileapp_1.00_cards_bridge_en.idml output/owasp_cornucopia_mobileapp_1.00_cards_tarot_en.idml output/owasp_cornucopia_mobileapp_1.00_leaflet_bridge_en.idml output/owasp_cornucopia_mobileapp_1.00_leaflet_tarot_en.idml /output/cornucopia_mobileapp/
cp output/owasp_cornucopia_mobileapp_1.00_cards_bridge_en.idml output/owasp_cornucopia_mobileapp_1.00_cards_tarot_en.idml output/owasp_cornucopia_mobileapp_1.00_leaflet_bridge_en.idml output/owasp_cornucopia_mobileapp_1.00_leaflet_tarot_en.idml output/cornucopia_mobileapp/
zip -r output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_en.zip /output/cornucopia_mobileapp/Links/* /output/cornucopia_mobileapp/Fonts/* output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_cards_bridge_en.idml output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_cards_tarot_en.idml output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_leaflet_bridge_en.idml output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_leaflet_tarot_en.idml
cp output/owasp_cornucopia_webapp_1.22_cards_bridge_en.idml output/owasp_cornucopia_webapp_1.22_cards_tarot_en.idml output/owasp_cornucopia_webapp_1.22_guide_bridge_en.docx output/owasp_cornucopia_webapp_1.22_leaflet_bridge_en.idml output/cornucopia_webapp/
cp output/owasp_cornucopia_webapp_1.22_cards_bridge_es.idml output/owasp_cornucopia_webapp_1.22_cards_tarot_es.idml output/owasp_cornucopia_webapp_1.22_guide_bridge_es.docx output/owasp_cornucopia_webapp_1.22_leaflet_bridge_es.idml output/cornucopia_webapp/
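Review bot: same unfixed absolute paths on the zip line here (`/output/cornucopia_mobileapp/Links/*`, `/output/cornucopia_mobileapp/Fonts/*`) as in pre-release.yml; drop the leading slash on both. This step is an identical copy in both workflows, so every fix has to land twice; consider factoring the cp/zip block into a shared script under scripts/ so release and pre-release cannot drift apart.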
56 changes: 28 additions & 28 deletions source/webapp-cards-2.00-en.yaml
rewtd marked this conversation as resolved.
Expand Up @@ -10,55 +10,55 @@ suits:
name: "DATA VALIDATION & ENCODING"
cards:
-
id: "DV2"
id: "VE2"
value: "2"
desc: "Brian can gather information about the underlying configurations, schemas, logic, code, software, services and infrastructure due to the content of error messages, or poor configuration, or the presence of default installation files or old, test, backup or copies of resources, or exposure of source code"
-
id: "DV3"
id: "VE3"
value: "3"
desc: "Robert can input malicious data because the allowed protocol format is not being checked, or duplicates are accepted, or the structure is not being verified, or the individual data elements are not being validated for format, type, range, length and a whitelist of allowed characters or formats"
-
id: "DV4"
id: "VE4"
value: "4"
desc: "Dave can input malicious field names or data because it is not being checked within the context of the current user and process"
-
id: "DV5"
id: "VE5"
value: "5"
desc: "Jee can bypass the centralized encoding routines since they are not being used everywhere, or the wrong encodings are being used"
-
id: "DV6"
id: "VE6"
value: "6"
desc: "Jason can bypass the centralized validation routines since they are not being used on all inputs"
-
id: "DV7"
id: "VE7"
value: "7"
desc: "Jan can craft special payloads to foil input validation because the character set is not specified/enforced, or the data is encoded multiple times, or the data is not fully converted into the same format the application uses (e.g. canonicalization) before being validated, or variables are not strongly typed"
-
id: "DV8"
id: "VE8"
value: "8"
desc: "Oana can bypass the centralized sanitization routines since they are not being used comprehensively"
-
id: "DV9"
id: "VE9"
value: "9"
desc: "Shamun can bypass input validation or output validation checks because validation failures are not rejected and/or sanitized"
-
id: "DVX"
id: "VEX"
value: "10"
desc: "Darío can exploit the trust the application places in a source of data (e.g. user-definable data, manipulation of locally stored data, alteration to state data on a client device, lack of verification of identity during data validation such as Darío can pretend to be Colin)"
-
id: "DVJ"
id: "VEJ"
value: "J"
desc: "Toby has control over input validation, output validation or output encoding code or routines so they can be bypassed"
-
id: "DVQ"
id: "VEQ"
value: "Q"
desc: "Xavier can inject data into a client or device side interpreter because a parameterised interface is not being used, or has not been implemented correctly, or the data has not been encoded correctly for the context, or there is no restrictive policy on code or data includes"
-
id: "DVK"
id: "VEK"
value: "K"
desc: "Gabe can inject data into an server-side interpreter (e.g. SQL, OS commands, Xpath, Server JavaScript, SMTP) because a strongly typed parameterised interface is not being used or has not been implemented correctly"
-
id: "DVA"
id: "VEA"
value: "A"
desc: "You have invented a new attack against Data Validation and Encoding"
misc: "Read more about this topic in OWASP's free Cheat Sheets on Input Validation, XSS Prevention, DOM-based XSS Prevention, SQL Injection Prevention, and Query Parameterization"
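Review bot: the VEK desc in this hunk still reads "inject data into an server-side interpreter"; since the line is being touched anyway, fix it to "a server-side interpreter". On the rename itself, DV to VE is a change to the key the locale files and the mapping file share, so the old prefix must disappear everywhere at once; before merging, `grep -rn 'id: "DV' source/` should return nothing, and the id set of this file should equal the id set of `source/webapp-mappings-2.00.yaml`.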
Expand All @@ -67,55 +67,55 @@ suits:
name: "AUTHENTICATION"
cards:
-
id: "AC2"
id: "AT2"
value: "2"
desc: "James can undertake authentication functions without the real user ever being aware this has occurred (e.g. attempt to log in, log in with stolen credentials, reset the password) "
-
id: "AC3"
id: "AT3"
value: "3"
desc: "Muhammad can obtain a user's password or other secrets such as security questions, by observation during entry, or from a local cache, or from memory, or in transit, or by reading it from some unprotected location, or because it is widely known, or because it never expires, or because the user cannot change her own password"
-
id: "AC4"
id: "AT4"
value: "4"
desc: "Sebastien can easily identify user names or can enumerate them"
-
id: "AC5"
id: "AT5"
value: "5"
desc: "Javier can use default, test or easily guessable credentials to authenticate, or can use an old account or an account not necessary for the application"
-
id: "AC6"
id: "AT6"
value: "6"
desc: "Sven can reuse a temporary password because the user does not have to change it on first use, or it has too long or no expiry, or it does not use an out-of-band delivery method (e.g. post, mobile app, SMS)"
-
id: "AC7"
id: "AT7"
value: "7"
desc: "Cecilia can use brute force and dictionary attacks against one or many accounts without limit, or these attacks are simplified due to insufficient complexity, length, expiration and re-use requirements for passwords"
-
id: "AC8"
id: "AT8"
value: "8"
desc: "Kate can bypass authentication because it does not fail secure (i.e. it defaults to allowing unauthenticated access)"
-
id: "AC9"
id: "AT9"
value: "9"
desc: "Claudia can undertake more critical functions because authentication requirements are too weak (e.g. do not use strong authentication such as two factor), or there is no requirement to re-authenticate for these"
-
id: "ACX"
id: "ATX"
value: "10"
desc: "Pravin can bypass authentication controls because a centralized standard, tested, proven and approved authentication module/framework/service, separate to the resource being requested, is not being used"
-
id: "ACJ"
id: "ATJ"
value: "J"
desc: "Mark can access resources or services because there is no authentication requirement, or it was mistakenly assumed authentication would be undertaken by some other system or performed in some previous action"
-
id: "ACQ"
id: "ATQ"
value: "Q"
desc: "Johan can bypass authentication because it is not enforced with equal rigor for all types of authentication functionality (e.g. register, password change, password recovery, log out, administration) or across all versions/channels (e.g. mobile website, mobile app, full website, API, call centre)"
-
id: "ACK"
id: "ATK"
value: "K"
desc: "Olga can influence or alter authentication code/routines so they can be bypassed"
-
id: "ACA"
id: "ATA"
value: "A"
desc: "You have invented a new attack against Authentication"
misc: "Read more about this topic in OWASP's free Authentication Cheat Sheet"
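Review bot: the AT2 desc ends with a space inside the quoted string (`... reset the password) "`); that trailing space ends up in the generated card text, so trim it while the line is being rewritten. The AC to AT rename otherwise looks consistent across all 13 cards of the suit.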
Expand Down Expand Up @@ -352,13 +352,13 @@ suits:
name: "WILD CARD"
cards:
-
id: "JOA"
id: "WCA"
value: "JokerA"
card: "Joker"
desc: "Alice can utilize the application to attack users' systems and data"
misc: "Have you thought about becoming an individual OWASP member? All tools, guidance and local meetings are free for everyone, but individual membership helps support OWASP's work"
-
id: "JOB"
id: "WCB"
value: "JokerB"
card: "Joker"
desc: "Bob can influence, alter or affect the application so that it no longer complies with legal, regulatory, contractual or other organizational mandates"
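Review bot: this JOA/JOB to WCA/WCB rename is only what the first 4 commits show, and a later commit in this PR (b785509, "Leave the joker card code as is since that code won't lead to confusi…") suggests it was reverted afterwards. Review the final state of the file rather than this partial view, and whichever codes survive, make sure the wild-card entries in the mapping file use the same ids.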
48 changes: 24 additions & 24 deletions source/webapp-mappings-2.00.yaml
Expand Up @@ -13,95 +13,95 @@ suits:
name: "DATA VALIDATION & ENCODING"
cards:
-
id: "DV2"
id: "VE2"
value: "2"
owasp_scp: [ 69, 107-109, 136, 137, 153, 156, 158, 162 ]
owasp_asvs: [ 1.6.4, 2.10.4, 4.3.2, 7.1.1, 10.2.3, 14.1.1, 14.2.2, 14.3.3 ]
owasp_appsensor: [ HT1-3 ]
capec: [ 54, 541 ]
safecode: [ 4, 23 ]
-
id: "DV3"
id: "VE3"
value: "3"
owasp_scp: [ ]
owasp_asvs: [ 1.5.3, 5.1.1-4, 13.2.1, 14.1.2, 14.4.1 ]
owasp_appsensor: [ RE7-8, AE4-7, IE2-3, CIE1, CIE3-4, HT1-3 ]
capec: [ 28, 48, 126, 165, 213, 220, 221, 261, 262, 271, 272 ]
safecode: [ 3, 16, 24, 35 ]
-
id: "DV4"
id: "VE4"
value: "4"
owasp_scp: [ 8, 10, 183 ]
owasp_asvs: [ 4.2.1, 5.1.1, 5.1.2, 11.1.1, 11.1.2 ]
owasp_appsensor: [ RE3-6, AE8-11, SE1, SE3-6, IE2-4, HT1-3 ]
capec: [ 28, 31, 48, 126, 162, 165, 213, 220, 221, 261 ]
safecode: [ 24, 35 ]
-
id: "DV5"
id: "VE5"
value: "5"
owasp_scp: [ 3, 15, 18-22, 168 ]
owasp_asvs: [ 1.1.6, 5.3.3, 5.2.1, 5.2.2, 5.2.5 ]
owasp_appsensor: [ ]
capec: [ 28, 31, 152, 160, 468 ]
safecode: [ 2, 17 ]
-
id: "DV6"
id: "VE6"
value: "6"
owasp_scp: [ 3, 168 ]
owasp_asvs: [ 1.1.6, 1.5.3, 5.1.3, 13.2.2, 13.2.5 ]
owasp_appsensor: [ IE2, IE3 ]
capec: [ 28 ]
safecode: [ 3, 16, 24 ]
-
id: "DV7"
id: "VE7"
value: "7"
owasp_scp: [ 4, 5, 7, 150 ]
owasp_asvs: [ 1.5.3, 13.2.2, 13.2.5 ]
owasp_appsensor: [ IE2, IE3, EE1, EE2 ]
capec: [ 28, 153, 165 ]
safecode: [ 3, 16, 24 ]
-
id: "DV8"
id: "VE8"
value: "8"
owasp_scp: [ 15, 169 ]
owasp_asvs: [ 1.1.6, 5.2.2, 5.2.5 ]
owasp_appsensor: [ ]
capec: [ 28, 31, 152, 160, 468 ]
safecode: [ 2, 17 ]
-
id: "DV9"
id: "VE9"
value: "9"
owasp_scp: [ 6, 21, 22, 168 ]
owasp_asvs: [ 7.1.3 ]
owasp_appsensor: [ IE2, IE3 ]
capec: [ 28 ]
safecode: [ 3, 16, 24 ]
-
id: "DVX"
id: "VEX"
value: "10"
owasp_scp: [ 2, 19, 92, 95, 180 ]
owasp_asvs: [ 1.12.2, 5.1.3, 9.2.3, 12.2.1, 12.3.1-3, 12.4.2, 12.5.2, 14.5.3 ]
owasp_appsensor: [ IE4, IE5 ]
capec: [ 12, 51, 57, 90, 111, 145, 194, 195, 202, 218, 463 ]
safecode: [ 14 ]
-
id: "DVJ"
id: "VEJ"
value: "J"
owasp_scp: [ 1, 17 ]
owasp_asvs: [ 1.5.3 ]
owasp_appsensor: [ RE3, RE4 ]
capec: [ 87, 207, 554 ]
safecode: [ 2, 17 ]
-
id: "DVQ"
id: "VEQ"
value: "Q"
owasp_scp: [ 10, 15, 16, 19, 20 ]
owasp_asvs: [ 5.2.1, 5.2.5, 5.3.3, 5.5.4 ]
owasp_appsensor: [ IE1, RP3 ]
capec: [ 28, 31, 152, 160, 468 ]
safecode: [ 2, 17 ]
-
id: "DVK"
id: "VEK"
value: "K"
owasp_scp: [ 15, 19-22, 167, 180, 204, 211, 212 ]
owasp_asvs: [ 5.2.1, 5.2.2, 5.3.4, 5.3.7-10 ]
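Review bot: only the `id` lines change here and the reference lists are untouched, so the important check is that these ids now match `source/webapp-cards-2.00-en.yaml` one for one; comparing `grep -o 'id: "[A-Z0-9]*"' source/webapp-cards-2.00-en.yaml | sort` against the same command on this file should give an empty diff. Separately, lists such as `owasp_scp: [ 69, 107-109, 136, ... ]` mix YAML integers (`69`) with strings (`107-109`), so whatever consumes the mapping has to normalise both forms; worth a comment at the top of the file so the next editor does not "fix" one style into the other.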
Expand All @@ -113,95 +113,95 @@ suits:
name: "AUTHENTICATION"
cards:
-
id: "AC2"
id: "AT2"
value: "2"
owasp_scp: [ 47, 52 ]
owasp_asvs: [ 2.5.2, 7.1.2, 7.1.4, 7.2.1, 8.2.1, 8.2.2, 8.2.3, 8.3.6 ]
owasp_appsensor: [ UT1 ]
capec: [ ]
safecode: [ 28 ]
-
id: "AC3"
id: "AT3"
value: "3"
owasp_scp: [ 36, 37, 40, 43, 48, 51, 119, 139, 140, 146 ]
owasp_asvs: [ 2.5.2, 2.5.3 ]
owasp_appsensor: [ ]
capec: [ 37, 546 ]
safecode: [ 28 ]
-
id: "AC4"
id: "AT4"
value: "4"
owasp_scp: [ 33, 53 ]
owasp_asvs: [ 2.2.1, 4.1.5 ]
owasp_appsensor: [ AE1 ]
capec: [ 383 ]
safecode: [ 28 ]
-
id: "AC5"
id: "AT5"
value: "5"
owasp_scp: [ 54, 175, 178 ]
owasp_asvs: [ 4.1.5 ]
owasp_appsensor: [ AE12, HT3 ]
capec: [ 70 ]
safecode: [ 28 ]
-
id: "AC6"
id: "AT6"
value: "6"
owasp_scp: [ 37, 45, 46, 178 ]
owasp_asvs: [ 2.5.6 ]
owasp_appsensor: [ ]
capec: [ 50 ]
safecode: [ 28 ]
-
id: "AC7"
id: "AT7"
value: "7"
owasp_scp: [ 33, 38, 39, 41, 50, 53 ]
owasp_asvs: [ 2.1.2, 2.1.7, '2.1.10', 2.2.1 ]
owasp_appsensor: [ AE2, AE3 ]
capec: [ 2, 16 ]
safecode: [ 27 ]
-
id: "AC8"
id: "AT8"
value: "8"
owasp_scp: [ 28 ]
owasp_asvs: [ 4.1.5 ]
owasp_appsensor: [ ]
capec: [ 115 ]
safecode: [ 28 ]
-
id: "AC9"
id: "AT9"
value: "9"
owasp_scp: [ 55, 56 ]
owasp_asvs: [ 1.4.5, 2.1.6, 2.2.4, 4.1.3, 4.3.3 ]
owasp_appsensor: [ ]
capec: [ 21 ]
safecode: [ 14, 28 ]
-
id: "ACX"
id: "ATX"
value: "10"
owasp_scp: [ 25, 26, 27 ]
owasp_asvs: [ 1.1.6, 1.4.4 ]
owasp_appsensor: [ ]
capec: [ 90, 115 ]
safecode: [ 14, 28 ]
-
id: "ACJ"
id: "ATJ"
value: "J"
owasp_scp: [ 23, 32, 34 ]
owasp_asvs: [ 1.4.5, 4.3.1 ]
owasp_appsensor: [ ]
capec: [ 115 ]
safecode: [ 14, 28 ]
-
id: "ACQ"
id: "ATQ"
value: "Q"
owasp_scp: [ 23, 29, 42, 49 ]
owasp_asvs: [ 1.4.5, 2.5.6, 2.5.7, 4.3.1 ]
owasp_appsensor: [ ]
capec: [ 36, 50, 115, 121, 179 ]
safecode: [ 14, 28 ]
-
id: "ACK"
id: "ATK"
value: "K"
owasp_scp: [ 24 ]
owasp_asvs: [ 4.1.1, 10.2.3, 10.2.4-6 ]
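Review bot: `'2.1.10'` in the AT7 asvs list is quoted while every other id in the file is bare, which is harmless but inconsistent. Bare three-part ids like `2.1.2` are parsed as strings, but a two-part id such as `2.10` would be read by a YAML parser as the float 2.1 and lose its trailing zero, so the safer convention is to quote all ids uniformly rather than only one of them.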