The Cornucopia: eCommerce Website Edition card deck is a gamified version of OWASP's Secure Coding Practices Quick Reference Guide. The game was created by Colin Watson to help teams perform threat modelling on retail websites.
Cornucopia is based on the popular, general-purpose cybersecurity card game Elevation of Privilege, invented at Microsoft in 2010. It is a great way to help teams deliver a respectable minimum level of security, to teach security and raise awareness amongst developers, and to catch subtle issues that developers are well placed to identify.
It is also a great way to begin a "shift-left" in eCommerce Website security to an earlier point in the delivery cycle. This, in turn, creates a better working relationship between security / ops teams and developers.
The game features 80 cards. Each card describes, in the abstract, a common error or anti-pattern that allows systems to be vulnerable to attack. These vulnerabilities are chosen from data gathered by web security experts OWASP.
Colin Watson's introductory video is an excellent way to become familiar with the game mechanics: