Security Requirements Identification using the OWASP Cornucopia Card Game presented at AppSecUSA 2015

by Colin Watson

Summary: OWASP Cornucopia is a free open-source card game, referenced by a PCI DSS information supplement, that helps derive application security requirements during the software development life cycle. This session will use an example ecommerce application to demonstrate how to utilise the card game. After a brief introduction, attendees will split into smaller groups to play the game. Participants will gain insights into relevant web application threats, learn how to use the card game with their own colleagues afterwards, and find out which aspects matter most for obtaining the greatest benefits in security requirements definition, and/or threat modelling, and/or security training.