The clouds can be a scary place. All these machines that simply aren't yours. So how can you make sure you continuously keep your cloud infrastructure secure? OWASP Cumulus is the easy way to bring security into the cloud and your DevOps teams. Play it at copi.owasp.org!
As a variant of the card game Elevation of Privilege, it follows the idea of threat modeling a system via gamification. This lightweight and low-barrier approach helps you find threats in your DevOps or cloud project and teaches developers a security-oriented mindset.
Threat Modeling
The idea of threat modeling via serious games goes back to the card game Elevation of Privilege by Adam Shostack. The basic idea is to bring the developers to the table and get them to start discussing the security of their system. For this, a card game serves as a guide through a catalogue of threats. It is designed to be a low-barrier and naturally embeddable approach within agile software development processes.
While we at OWASP Cornucopia have been focusing on creating games for web and mobile application security, we have felt that coverage of the specific needs of DevOps teams working in cloud environments has been missing. OWASP Cumulus seeks to fill this gap and provides a custom card deck with threats for cloud systems.
How to Play Cumulus
- Go to: https://copi.owasp.org/games/new
- Select OWASP Cumulus from the drop-down list
- Make sure you have done all the preparations
- Then click: Create the Game
- Send the link to 3 players
Once 3 players have joined, click start the game.
Commits
- 2990e72: Bump urllib3 from 2.4.0 to 2.5.0 in the pip group (dependabot[bot]) #1397
- 7c9c41f: Bump step-security/harden-runner from 2.12.0 to 2.12.1 (dependabot[bot]) #1398
- 51d68a6: Bump svelte from 5.34.5 to 5.34.6 in /cornucopia.owasp.org (dependabot[bot]) #1400
- a723f44: Bump hexpm/elixir in /copi.owasp.org (dependabot[bot]) #1401
- a9e4a55: Bump plug_cowboy from 2.7.3 to 2.7.4 in /copi.owasp.org (dependabot[bot]) #1402
- 37ca5ab: Bump ecto_sql from 3.12.1 to 3.13.0 in /copi.owasp.org (dependabot[bot]) #1403
- 924c749: Bump svelte-check from 4.2.1 to 4.2.2 in /cornucopia.owasp.org (dependabot[bot]) #1406
- d57556a: Bump @sveltejs/kit from 2.21.5 to 2.22.0 in /cornucopia.owasp.org (dependabot[bot]) #1407
- bbc4316: Bump swoosh from 1.19.2 to 1.19.3 in /copi.owasp.org (dependabot[bot]) #1408
- 54746fa: Bump svelte from 5.34.6 to 5.34.7 in /cornucopia.owasp.org (dependabot[bot]) #1405
- 728483b: Do no install the pyinstaller as part of the package manifest as it crashes the build (Johan Sydseter) #1410
- 8384f3d: Bump ecto_sql from 3.13.0 to 3.13.1 in /copi.owasp.org (dependabot[bot]) #1412
- a17e122: Add OWASP Cumulus as a game to Copi (sydseter) #1413
- cb41197: Add the creator of OWASP Cumulus (sydseter) #1413
- 73a1b8f: Fix test (sydseter) #1413
- 4f1669c: Adding article about OWASP Cumulus (sydseter) #1413
- 9a9d8da: Fix writing error (sydseter) #1413
- 2597633: Bump urllib3 from 2.4.0 to 2.5.0 (dependabot[bot]) #1404
- 44b80bd: Bump pathvalidate from 3.2.3 to 3.3.1 (dependabot[bot]) #1392
- a319439: Bump mypy from 1.15.0 to 1.16.1 (dependabot[bot]) #1391
- a8efcbf: Bump flake8 from 7.2.0 to 7.3.0 (dependabot[bot]) #1417
- 56fd1b7: Update post about Cumulus (Uncle Joe) #1419
- 3ad5fe3: Bump @types/node from 24.0.3 to 24.0.4 in /cornucopia.owasp.org (dependabot[bot]) #1421
- 4d856c4: Bump phoenix_ecto from 4.6.4 to 4.6.5 in /copi.owasp.org (dependabot[bot]) #1422
- 7ce45a9: Bump erlef/setup-beam from 1.19.0 to 1.20.1 (dependabot[bot]) #1424
- 6c14563: Fix css styling for the Cumulus cars (sydseter) #1425
- 413e9d6: Bump ecto_sql from 3.13.1 to 3.13.2 in /copi.owasp.org (dependabot[bot]) #1423
- 160bd14: Revert "Merge pull request #1401 from OWASP/dependabot/docker/copi.owasp.org/hexpm/elixir-1.18.4-erlang-28.0-debian-bullseye-20250610" (sydseter) #1415
- 3525720: Build the docker file always to check that it can be deployed. (sydseter) #1415
- 6bfe644: Specify working dir for building the dockerfile (sydseter) #1415
- 33d4ff3: Bump vite-plugin-static-copy in /cornucopia.owasp.org (dependabot[bot]) #1427
- 778e497: Bump svelte from 5.34.7 to 5.34.8 in /cornucopia.owasp.org (dependabot[bot]) #1429