<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>OWASP® Cornucopia 2.0 - DEV Community</title> <meta name="last-updated" content="2025-02-21 08:06:30 UTC"> <meta name="user-signed-in" content="false"> <meta name="head-cached-at" content="1740125190"> <meta name="environment" content="production"> <link rel="stylesheet" href="https://assets.dev.to/assets/minimal-0a971eb021d2dc2b145c1df786e1b97f418c6b2d066e79802fea980acb513937.css" media="all" id="main-minimal-stylesheet" /> <link rel="stylesheet" href="https://assets.dev.to/assets/views-1c703342dce6eac414f19ca7fd07bcf83cbe44088659758144e52e7fa1e92dd3.css" media="all" id="main-views-stylesheet" /> <link rel="stylesheet" href="https://assets.dev.to/assets/crayons-0f2fc85bc159498f8ae6fba58c460e6deba863d02d59dfa994c1954976ddb6cc.css" media="all" id="main-crayons-stylesheet" /> <script src="https://assets.dev.to/assets/base-a87669a7c932717e71153a0e9be51887fd49f60281c77873f33571fab239e9d6.js" defer="defer"></script> <script src="https://assets.dev.to/assets/application-7258612fccf5d56314a6e4ad1898b4f818f474c4bb3485e302428d489a769a17.js" defer="defer"></script> <script src="https://assets.dev.to/assets/baseInitializers-ee70590bbbe9b8f9d750ea9b4b7e809c47123e9064196238ba4e65bc65caf708.js" defer="defer"></script> <script src="https://assets.dev.to/assets/baseTracking-b6bf73e5ee66633e151e7d5b7c6bbccedfa4c59e3615be97b98c4c0f543ddae7.js" defer="defer"></script> <meta name="search-script" content="https://assets.dev.to/assets/Search-1667defd820799649d6c3b2864f13786058190df703dd50ab75dce1ccb834c4b.js"> <link rel="canonical" href="https://cornucopia.owasp.org/news/20240609-owasp-cornucopia20" /> <meta name="description" content="I started out as a web designer 16 years ago and my first website got brutally hacked, not... Tagged with owasp, applicationsecurity, cornucopia, cybersecurity."> <meta name="keywords" content="owasp, applicationsecurity, cornucopia, cybersecurity, software, coding, development, engineering, inclusive, community"> <meta property="og:type" content="article" /> <meta property="og:url" content="https://dev.to/owasp/owaspr-cornucopia-20-3p46" /> <meta property="og:title" content="OWASP® Cornucopia 2.0" /> <meta property="og:description" content="I started out as a web designer 16 years ago and my first website got brutally hacked, not..." /> <meta property="og:site_name" content="DEV Community" /> <meta name="twitter:site" content="@thepracticaldev"> <meta name="twitter:creator" content="@JSydseter"> <meta name="twitter:title" content="OWASP® Cornucopia 2.0"> <meta name="twitter:description" content="I started out as a web designer 16 years ago and my first website got brutally hacked, not..."> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:widgets:new-embed-design" content="on"> <meta name="robots" content="max-snippet:-1, max-image-preview:large, max-video-preview:-1"> <meta property="og:image" content="https://media2.dev.to/dynamic/image/width=1000,height=500,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feurilof1q1akw84nvgq4.jpg" /> <meta name="twitter:image:src" content="https://media2.dev.to/dynamic/image/width=1000,height=500,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feurilof1q1akw84nvgq4.jpg"> <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover"> <link rel="icon" type="image/x-icon" href="https://media2.dev.to/dynamic/image/width=32,height=,fit=scale-down,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8j7kvp660rqzt99zui8e.png" /> <link rel="apple-touch-icon" href="https://media2.dev.to/dynamic/image/width=180,height=,fit=scale-down,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8j7kvp660rqzt99zui8e.png"> <link rel="apple-touch-icon" sizes="152x152" href="https://media2.dev.to/dynamic/image/width=152,height=,fit=scale-down,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8j7kvp660rqzt99zui8e.png"> <link rel="apple-touch-icon" sizes="180x180" href="https://media2.dev.to/dynamic/image/width=180,height=,fit=scale-down,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8j7kvp660rqzt99zui8e.png"> <link rel="apple-touch-icon" sizes="167x167" href="https://media2.dev.to/dynamic/image/width=167,height=,fit=scale-down,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8j7kvp660rqzt99zui8e.png"> <link href="https://media2.dev.to/dynamic/image/width=192,height=,fit=scale-down,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8j7kvp660rqzt99zui8e.png" rel="icon" sizes="192x192" /> <link href="https://media2.dev.to/dynamic/image/width=128,height=,fit=scale-down,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8j7kvp660rqzt99zui8e.png" rel="icon" sizes="128x128" /> <meta name="apple-mobile-web-app-title" content="dev.to"> <meta name="application-name" content="dev.to"> <meta name="theme-color" content="#ffffff" media="(prefers-color-scheme: light)"> <meta name="theme-color" content="#000000" media="(prefers-color-scheme: dark)"> <link rel="search" href="https://dev.to/open-search.xml" type="application/opensearchdescription+xml" title="DEV Community" /> <meta property="forem:name" content="DEV Community" /> <meta property="forem:logo" content="https://media2.dev.to/dynamic/image/width=512,height=,fit=scale-down,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8j7kvp660rqzt99zui8e.png" /> <meta property="forem:domain" content="dev.to" /> </head> <body class="sans-serif-article-body default-header" data-user-status="logged-out" data-community-name="DEV Community" data-subscription-icon="https://assets.dev.to/assets/subscription-icon-805dfa7ac7dd660f07ed8d654877270825b07a92a03841aa99a1093bd00431b2.png" data-locale="en" data-honeybadger-key="hbp_nqu4Y66HuEKlD6YRGssZuRQnPOjDm50J8Zkr" data-deployed-at="2025-02-20T14:56:01Z" data-latest-commit-id="cf24e7ead7627d035c9edc0b634e332f7a728698" data-ga-tracking="UA-71991109-1" data-cookie-banner-user-context="logged_out_only" data-cookie-banner-platform-context="off" data-algolia-id="PRSOBFP46H" data-algolia-search-key="9aa7d31610cba78851c9b1f63776a9dd" data-algolia-display="true" data-dynamic-url-component="bb-2" data-ga4-tracking-id="G-TYEM8Y3JN3"> <script> if (navigator.userAgent.includes('ForemWebView/1') || window.frameElement) { document.body.classList.add("hidden-shell"); } </script> <link rel="stylesheet" href="https://assets.dev.to/assets/minimal-0a971eb021d2dc2b145c1df786e1b97f418c6b2d066e79802fea980acb513937.css" media="all" id="secondary-minimal-stylesheet" /> <link rel="stylesheet" href="https://assets.dev.to/assets/views-1c703342dce6eac414f19ca7fd07bcf83cbe44088659758144e52e7fa1e92dd3.css" media="all" id="secondary-views-stylesheet" /> <link rel="stylesheet" href="https://assets.dev.to/assets/crayons-0f2fc85bc159498f8ae6fba58c460e6deba863d02d59dfa994c1954976ddb6cc.css" media="all" id="secondary-crayons-stylesheet" /> <div id="body-styles"> <style> :root { --accent-brand-lighter-rgb: 80, 99, 301; --accent-brand-rgb: 59, 73, 223; --accent-brand-darker-rgb: 47, 58, 178; } </style> </div> <div id="audiocontent" data-podcast=""> </div> <div class="navigation-progress" id="navigation-progress"></div> <header id="topbar" class="crayons-header topbar print-hidden"> <span id="route-change-target" tabindex="-1"></span> <a href="#main-content" class="skip-content-link">Skip to content</a> <div class="crayons-header__container"> <span class="inline-block m:hidden "> <button class="c-btn c-btn--icon-alone js-hamburger-trigger mx-2"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" role="img" aria-labelledby="an89jhknhzn8n2jqmyltzhyef3yge1m0" class="crayons-icon"><title id="an89jhknhzn8n2jqmyltzhyef3yge1m0">Navigation menu</title> <path d="M3 4h18v2H3V4zm0 7h18v2H3v-2zm0 7h18v2H3v-2z"></path> </svg> </button> </span> <a href="/" class="site-logo" aria-label="DEV Community Home"> <img class="site-logo__img" src="https://media2.dev.to/dynamic/image/quality=100/https://dev-to-uploads.s3.amazonaws.com/uploads/logos/resized_logo_UQww2soKuUsjaOGNB38o.png" style="aspect-ratio: 10 / 8" alt="DEV Community"> </a> <div class="crayons-header--search js-search-form" id="header-search"> <form accept-charset="UTF-8" method="get" action="/search" role="search"> <div class="crayons-fields crayons-fields--horizontal"> <div class="crayons-field flex-1 relative"> <input id="search-input" class="crayons-header--search-input crayons-textfield js-search-input" type="text" id="nav-search" name="q" placeholder="Find related posts..." autocomplete="off" /> <button type="submit" aria-label="Search" class="c-btn c-btn--icon-alone absolute inset-px right-auto mt-0 py-0"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" role="img" aria-labelledby="alcjstbt7wcsh2u265tojzne2ofw7e7r" aria-hidden="true" class="crayons-icon"><title id="alcjstbt7wcsh2u265tojzne2ofw7e7r">Search</title> <path d="M18.031 16.617l4.283 4.282-1.415 1.415-4.282-4.283A8.96 8.96 0 0111 20c-4.968 0-9-4.032-9-9s4.032-9 9-9 9 4.032 9 9a8.96 8.96 0 01-1.969 5.617zm-2.006-.742A6.977 6.977 0 0018 11c0-3.868-3.133-7-7-7-3.868 0-7 3.132-7 7 0 3.867 3.132 7 7 7a6.977 6.977 0 004.875-1.975l.15-.15z"></path> </svg> </button> <a class="crayons-header--search-brand-indicator" href="https://www.algolia.com/developers/?utm_source=devto&utm_medium=referral" target="_blank" rel="noopener noreferrer"> Powered by <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" width="24" height="24" viewBox="0 0 500 500.34" role="img" aria-labelledby="ailjet6qygi4oxtq7ybje5l16o6ei6yt" aria-hidden="true" class="crayons-icon"><title id="ailjet6qygi4oxtq7ybje5l16o6ei6yt">Search</title> <defs></defs><path class="cls-1" d="M250,0C113.38,0,2,110.16,.03,246.32c-2,138.29,110.19,252.87,248.49,253.67,42.71,.25,83.85-10.2,120.38-30.05,3.56-1.93,4.11-6.83,1.08-9.52l-23.39-20.74c-4.75-4.22-11.52-5.41-17.37-2.92-25.5,10.85-53.21,16.39-81.76,16.04-111.75-1.37-202.04-94.35-200.26-206.1,1.76-110.33,92.06-199.55,202.8-199.55h202.83V407.68l-115.08-102.25c-3.72-3.31-9.43-2.66-12.43,1.31-18.47,24.46-48.56,39.67-81.98,37.36-46.36-3.2-83.92-40.52-87.4-86.86-4.15-55.28,39.65-101.58,94.07-101.58,49.21,0,89.74,37.88,93.97,86.01,.38,4.28,2.31,8.28,5.53,11.13l29.97,26.57c3.4,3.01,8.8,1.17,9.63-3.3,2.16-11.55,2.92-23.6,2.07-35.95-4.83-70.39-61.84-127.01-132.26-131.35-80.73-4.98-148.23,58.18-150.37,137.35-2.09,77.15,61.12,143.66,138.28,145.36,32.21,.71,62.07-9.42,86.2-26.97l150.36,133.29c6.45,5.71,16.62,1.14,16.62-7.48V9.49C500,4.25,495.75,0,490.51,0H250Z"></path> </svg> Algolia </a> </div> </div> </form> </div> <div class="flex items-center h-100 ml-auto"> <div class="flex" id="authentication-top-nav-actions"> <span class="hidden m:block"> <a href="https://dev.to/enter" class="c-link c-link--block mr-2 whitespace-nowrap ml-auto" data-no-instant> Log in </a> </span> <a href="https://dev.to/enter?state=new-user" data-tracking-id="ca_top_nav" data-tracking-source="top_navbar" class="c-cta c-cta--branded whitespace-nowrap mr-2" data-no-instant> Create account </a> </div> </div> </div> </header> <div class="hamburger"> <div class="hamburger__content"> <header class="hamburger__content__header"> <h2 class="fs-l fw-bold flex-1 break-word lh-tight">DEV Community</h2> <button class="c-btn c-btn--icon-alone js-hamburger-trigger shrink-0" aria-label="Close"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" role="img" aria-labelledby="ag6pfzt63y5929shnlif0e2y611ah0h" aria-hidden="true" class="crayons-icon c-btn__icon"><title id="ag6pfzt63y5929shnlif0e2y611ah0h">Close</title><path d="M12 10.586l4.95-4.95 1.414 1.414-4.95 4.95 4.95 4.95-1.414 1.414-4.95-4.95-4.95 4.95-1.414-1.414 4.95-4.95-4.95-4.95L7.05 5.636l4.95 4.95z"></path></svg> </button> </header> <div class="p-2 js-navigation-links-container" id="authentication-hamburger-actions"> </div> </div> <div class="hamburger__overlay js-hamburger-trigger"></div> </div> <div id="active-broadcast" class="broadcast-wrapper"></div> <div id="page-content" class="wrapper stories stories-show articletag-owasp articletag-applicationsecurity articletag-cornucopia articletag-cybersecurity articleuser-1603787 articleorg-3468" data-current-page="stories-show"> <div id="page-content-inner" data-internal-nav="false"> <div id="page-route-change" class="screen-reader-only" aria-live="polite" aria-atomic="true"></div> <link rel="prefetch" href="/reactions?article_id=1883257"> <style> .html-variant-wrapper { display: none} </style> <script src="https://unpkg.com/@webcomponents/webcomponentsjs@2.2.10/webcomponents-loader.js" integrity="sha384-3HK5hxQbkFqOIxMbpROlRmRtYl2LBZ52t+tqcjzsmr9NJuOWQxl8RgQSyFvq2lhy" crossorigin="anonymous" defer></script> <script src="https://assets.dev.to/assets/webShare-0686f0b9ac40589694ef6ae6a6202c44119bc781c254f6cf6d52d8a008461156.js" defer="defer"></script> <script src="https://assets.dev.to/assets/articlePage-e91bed0487621b06608474cfabffa186165e1f43f05b24581203ccc21e7aa45d.js" defer="defer"></script> <script src="https://assets.dev.to/assets/commentDropdowns-7a28d130e5b78d38b30a9495a964003a66bd64fa455fc70b766d69cf06b9ba24.js" defer="defer"></script> <script type="application/ld+json"> {"@context":"http://schema.org","@type":"Article","mainEntityOfPage":{"@type":"WebPage","@id":"https://dev.to/owasp/owaspr-cornucopia-20-3p46"},"url":"https://dev.to/owasp/owaspr-cornucopia-20-3p46","image":["https://media2.dev.to/dynamic/image/width=1080,height=1080,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feurilof1q1akw84nvgq4.jpg","https://media2.dev.to/dynamic/image/width=1280,height=720,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feurilof1q1akw84nvgq4.jpg","https://media2.dev.to/dynamic/image/width=1600,height=900,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feurilof1q1akw84nvgq4.jpg"],"publisher":{"@context":"http://schema.org","@type":"Organization","name":"DEV Community","logo":{"@context":"http://schema.org","@type":"ImageObject","url":"https://media2.dev.to/dynamic/image/width=192,height=,fit=scale-down,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8j7kvp660rqzt99zui8e.png","width":"192","height":"192"}},"headline":"OWASP® Cornucopia 2.0","author":{"@context":"http://schema.org","@type":"Person","url":"https://dev.to/sydseter","name":"johan sydseter"},"datePublished":"2024-06-10T13:23:30Z","dateModified":"2025-02-18T16:35:00Z"} </script> <div class="crayons-layout crayons-layout--3-cols crayons-layout--article"> <aside class="crayons-layout__sidebar-left" aria-label="Article actions"> <div class="crayons-article-actions print-hidden"> <div class="crayons-article-actions__inner"> <div class="reaction-drawer__outer hoverdown" style=""> <button id="reaction-drawer-trigger" aria-label="reaction-drawer-trigger" aria-pressed="false" class="hoverdown-trigger crayons-reaction pseudo-reaction crayons-tooltip__activator relative"> <span class="crayons-reaction__icon crayons-reaction__icon--borderless crayons-reaction--like crayons-reaction__icon--inactive" style="width: 40px; height: 40px"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" role="img" aria-hidden="true" class="crayons-icon"> <g clip-path="url(#clip0_988_3276)"> <path d="M19 14V17H22V19H18.999L19 22H17L16.999 19H14V17H17V14H19ZM20.243 4.75698C22.505 7.02498 22.583 10.637 20.479 12.992L19.059 11.574C20.39 10.05 20.32 7.65998 18.827 6.16998C17.324 4.67098 14.907 4.60698 13.337 6.01698L12.002 7.21498L10.666 6.01798C9.09103 4.60598 6.67503 4.66798 5.17203 6.17198C3.68203 7.66198 3.60703 10.047 4.98003 11.623L13.412 20.069L12 21.485L3.52003 12.993C1.41603 10.637 1.49503 7.01898 3.75603 4.75698C6.02103 2.49298 9.64403 2.41698 12 4.52898C14.349 2.41998 17.979 2.48998 20.242 4.75698H20.243Z" fill="#525252"></path> </g> <defs> <clipPath id="clip0_988_3276"> <rect width="24" height="24" fill="white"></rect> </clipPath> </defs> </svg> </span> <span class="crayons-reaction__icon crayons-reaction__icon--borderless crayons-reaction__icon--active" style="width: 40px; height: 40px"> <img aria_hidden="true" height="24" width="24" src="https://assets.dev.to/assets/heart-plus-active-9ea3b22f2bc311281db911d416166c5f430636e76b15cd5df6b3b841d830eefa.svg" /> </span> <span class="crayons-reaction__count" id="reaction_total_count"> <span class="bg-base-40 opacity-25 p-2 inline-block radius-default"></span> </span> <span class="crayons-tooltip__content"> Add reaction </span> </button> <div class="reaction-drawer" aria-expanded="false"> <div class="reaction-drawer__container"> <button id="reaction-butt-like" name="Like" aria-label="Like" aria-pressed="false" class="crayons-reaction crayons-tooltip__activator relative pt-2 pr-2 pb-1 pl-2" data-category="like"> <span class="crayons-reaction__icon crayons-reaction__icon--inactive p-0"> <img aria_hidden="true" height="32" width="32" src="https://assets.dev.to/assets/sparkle-heart-5f9bee3767e18deb1bb725290cb151c25234768a0e9a2bd39370c382d02920cf.svg" /> </span> <span class="crayons-reaction__count" id="reaction-number-like"><span class="bg-base-40 opacity-25 p-2 inline-block radius-default"></span></span> <span data-testid="tooltip" class="crayons-tooltip__content"> Like </span> </button> <button id="reaction-butt-unicorn" name="Unicorn" aria-label="Unicorn" aria-pressed="false" class="crayons-reaction crayons-tooltip__activator relative pt-2 pr-2 pb-1 pl-2" data-category="unicorn"> <span class="crayons-reaction__icon crayons-reaction__icon--inactive p-0"> <img aria_hidden="true" height="32" width="32" src="https://assets.dev.to/assets/multi-unicorn-b44d6f8c23cdd00964192bedc38af3e82463978aa611b4365bd33a0f1f4f3e97.svg" /> </span> <span class="crayons-reaction__count" id="reaction-number-unicorn"><span class="bg-base-40 opacity-25 p-2 inline-block radius-default"></span></span> <span data-testid="tooltip" class="crayons-tooltip__content"> Unicorn </span> </button> <button id="reaction-butt-exploding_head" name="Exploding Head" aria-label="Exploding Head" aria-pressed="false" class="crayons-reaction crayons-tooltip__activator relative pt-2 pr-2 pb-1 pl-2" data-category="exploding_head"> <span class="crayons-reaction__icon crayons-reaction__icon--inactive p-0"> <img aria_hidden="true" height="32" width="32" src="https://assets.dev.to/assets/exploding-head-daceb38d627e6ae9b730f36a1e390fca556a4289d5a41abb2c35068ad3e2c4b5.svg" /> </span> <span class="crayons-reaction__count" id="reaction-number-exploding_head"><span class="bg-base-40 opacity-25 p-2 inline-block radius-default"></span></span> <span data-testid="tooltip" class="crayons-tooltip__content"> Exploding Head </span> </button> <button id="reaction-butt-raised_hands" name="Raised Hands" aria-label="Raised Hands" aria-pressed="false" class="crayons-reaction crayons-tooltip__activator relative pt-2 pr-2 pb-1 pl-2" data-category="raised_hands"> <span class="crayons-reaction__icon crayons-reaction__icon--inactive p-0"> <img aria_hidden="true" height="32" width="32" src="https://assets.dev.to/assets/raised-hands-74b2099fd66a39f2d7eed9305ee0f4553df0eb7b4f11b01b6b1b499973048fe5.svg" /> </span> <span class="crayons-reaction__count" id="reaction-number-raised_hands"><span class="bg-base-40 opacity-25 p-2 inline-block radius-default"></span></span> <span data-testid="tooltip" class="crayons-tooltip__content"> Raised Hands </span> </button> <button id="reaction-butt-fire" name="Fire" aria-label="Fire" aria-pressed="false" class="crayons-reaction crayons-tooltip__activator relative pt-2 pr-2 pb-1 pl-2" data-category="fire"> <span class="crayons-reaction__icon crayons-reaction__icon--inactive p-0"> <img aria_hidden="true" height="32" width="32" src="https://assets.dev.to/assets/fire-f60e7a582391810302117f987b22a8ef04a2fe0df7e3258a5f49332df1cec71e.svg" /> </span> <span class="crayons-reaction__count" id="reaction-number-fire"><span class="bg-base-40 opacity-25 p-2 inline-block radius-default"></span></span> <span data-testid="tooltip" class="crayons-tooltip__content"> Fire </span> </button> </div> </div> </div> <button id="reaction-butt-comment" aria-label="Jump to Comments" aria-pressed="false" class="crayons-reaction crayons-reaction--comment crayons-tooltip__activator relative" data-category="comment"> <span class="crayons-reaction__icon crayons-reaction__icon--borderless crayons-reaction__icon--inactive"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" role="img" aria-hidden="true" class="crayons-icon"> <path d="M10 3h4a8 8 0 010 16v3.5c-5-2-12-5-12-11.5a8 8 0 018-8zm2 14h2a6 6 0 000-12h-4a6 6 0 00-6 6c0 3.61 2.462 5.966 8 8.48V17z"></path> </svg> </span> <span class="crayons-reaction__count" id="reaction-number-comment" data-count="1"> <span class="bg-base-40 opacity-25 p-2 inline-block radius-default"></span> </span> <span data-testid="tooltip" class="crayons-tooltip__content"> Jump to Comments </span> </button> <button id="reaction-butt-readinglist" aria-label="Add to reading list" aria-pressed="false" class="crayons-reaction crayons-reaction--readinglist crayons-tooltip__activator relative" data-category="readinglist"> <span class="crayons-reaction__icon crayons-reaction__icon--borderless crayons-reaction__icon--inactive"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" role="img" aria-hidden="true" class="crayons-icon"> <path d="M5 2h14a1 1 0 011 1v19.143a.5.5 0 01-.766.424L12 18.03l-7.234 4.536A.5.5 0 014 22.143V3a1 1 0 011-1zm13 2H6v15.432l6-3.761 6 3.761V4z"></path> </svg> </span> <span class="crayons-reaction__count" id="reaction-number-readinglist"><span class="bg-base-40 opacity-25 p-2 inline-block radius-default"></span></span> <span data-testid="tooltip" class="crayons-tooltip__content"> Save </span> </button> <button id="reaction-butt-boost" aria-label="Boost" aria-pressed="false" class="crayons-reaction crayons-reaction--boost crayons-tooltip__activator relative"> <span class="crayons-reaction__icon crayons-reaction__icon--borderless crayons-reaction__icon--inactive"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="currentColor" role="img" aria-hidden="true" class="crayons-icon" width="24" height="24"> <path transform="translate(24,0) scale(-1,1)" d="M6 4H21C21.5523 4 22 4.44772 22 5V12H20V6H6V9L1 5L6 1V4ZM18 20H3C2.44772 20 2 19.5523 2 19V12H4V18H18V15L23 19L18 23V20Z"></path> </svg> </span> <span data-testid="tooltip" class="crayons-tooltip__content"> Boost </span> </button> <div class="only-sidebar-menu-item"> <div id="mod-actions-menu-btn-area" class="print-hidden trusted-visible-block align-center"> </div> </div> <div class="align-center m:relative"> <button id="article-show-more-button" aria-controls="article-show-more-dropdown" aria-expanded="false" aria-haspopup="true" class="dropbtn crayons-btn crayons-btn--ghost-dimmed crayons-btn--icon-rounded" aria-label="Share post options"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" role="img" aria-labelledby="ai1u42mi8zhzjvgm8dnoz2jg51nuiwlm" aria-hidden="true" class="crayons-icon dropdown-icon"><title id="ai1u42mi8zhzjvgm8dnoz2jg51nuiwlm">More...</title><path fill-rule="evenodd" clip-rule="evenodd" d="M7 12a2 2 0 11-4 0 2 2 0 014 0zm7 0a2 2 0 11-4 0 2 2 0 014 0zm5 2a2 2 0 100-4 2 2 0 000 4z"></path></svg> </button> <div id="article-show-more-dropdown" class="crayons-dropdown side-bar left-2 right-2 m:right-auto m:left-100 s:left-auto mb-1 m:mb-0 top-unset bottom-100 m:top-0 m:bottom-unset"> <div class="only-mobile-menu-item"> <button class="mod-actions-menu-btn crayons-link crayons-link--block w-100 bg-transparent border-0 fw-bold"> Moderate </button> </div> <div> <button id="copy-post-url-button" class="flex justify-between crayons-link crayons-link--block w-100 bg-transparent border-0" data-postUrl="https://dev.to/owasp/owaspr-cornucopia-20-3p46"> <span class="fw-bold">Copy link</span> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" id="article-copy-icon" role="img" aria-labelledby="at0wjn1byvjsnvc6zuvc4cdx5v6umy0e" aria-hidden="true" class="crayons-icon mx-2 shrink-0"><title id="at0wjn1byvjsnvc6zuvc4cdx5v6umy0e">Copy link</title> <path d="M7 6V3a1 1 0 011-1h12a1 1 0 011 1v14a1 1 0 01-1 1h-3v3c0 .552-.45 1-1.007 1H4.007A1 1 0 013 21l.003-14c0-.552.45-1 1.007-1H7zm2 0h8v10h2V4H9v2zm-2 5v2h6v-2H7zm0 4v2h6v-2H7z"></path> </svg> </button> <div id="article-copy-link-announcer" aria-live="polite" class="crayons-notice crayons-notice--success my-2 p-1" aria-live="polite" hidden>Copied to Clipboard</div> </div> <div class="Desktop-only"> <a target="_blank" class="crayons-link crayons-link--block" rel="noopener" href='https://twitter.com/intent/tweet?text=%22OWASP%C2%AE%20Cornucopia%202.0%22%20by%20%40JSydseter%20%23DEVCommunity%20https%3A%2F%2Fdev.to%2Fowasp%2Fowaspr-cornucopia-20-3p46'> Share to X </a> <a target="_blank" class="crayons-link crayons-link--block" rel="noopener" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fdev.to%2Fowasp%2Fowaspr-cornucopia-20-3p46&title=OWASP%C2%AE%20Cornucopia%202.0&summary=I%20started%20out%20as%20a%20web%20designer%2016%20years%20ago%20and%20my%20first%20website%20got%20brutally%20hacked%2C%20not...&source=DEV%20Community"> Share to LinkedIn </a> <a target="_blank" class="crayons-link crayons-link--block" rel="noopener" href="https://www.facebook.com/sharer.php?u=https%3A%2F%2Fdev.to%2Fowasp%2Fowaspr-cornucopia-20-3p46"> Share to Facebook </a> <a target="_blank" class="crayons-link crayons-link--block" rel="noopener" href="https://toot.kytta.dev/?text=https%3A%2F%2Fdev.to%2Fowasp%2Fowaspr-cornucopia-20-3p46"> Share to Mastodon </a> </div> <web-share-wrapper shareurl="https://dev.to/owasp/owaspr-cornucopia-20-3p46" sharetitle="OWASP® Cornucopia 2.0" sharetext="I started out as a web designer 16 years ago and my first website got brutally hacked, not..." template="web-share-button"> </web-share-wrapper> <template id="web-share-button"> <a href="#" class="dropdown-link-row crayons-link crayons-link--block">Share Post via...</a> </template> <a href="/report-abuse" class="crayons-link crayons-link--block">Report Abuse</a> </div> </div> </div> </div> </aside> <main id="main-content" class="crayons-layout__content grid gap-4"> <div class="article-wrapper"> <article class="crayons-card crayons-article mb-4" id="article-show-container" data-article-id="1883257" data-article-slug="owaspr-cornucopia-20-3p46" data-author-id="1603787" data-author-name="johan sydseter" data-author-username="owasp" data-co-author-ids="" data-path="/owasp/owaspr-cornucopia-20-3p46" data-pin-path="/stories/feed/pinned_article" data-pinned-article-id="" data-published="true" data-scheduled="false" lang=en > <header class="crayons-article__header" id="main-title"> <a class="crayons-article__cover" href="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feurilof1q1akw84nvgq4.jpg"> <img src="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feurilof1q1akw84nvgq4.jpg" style="aspect-ratio: auto 1000 / 420;" width="1000" height="420" class="crayons-article__cover__image" alt="Cover image for OWASP® Cornucopia 2.0"> </a> <div class="crayons-article__header__meta"> <div class="flex s:items-start flex-col s:flex-row"> <div id="action-space" class="crayons-article__actions mb-4 s:mb-0 s:order-last"></div> <div class="flex flex-1 mb-5 items-start"> <div class="relative"> <a href="/owasp"><img src="https://media2.dev.to/dynamic/image/width=50,height=50,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F3468%2F0b3561bb-9ac3-413f-baaa-5014181e4b4d.jpg" class="radius-default align-middle" width="40" height="40" alt="OWASP® Foundation profile image"></a> <a href="/sydseter" class="absolute -right-2 -bottom-2 radius-full border border-solid border-2 border-base-inverted inline-flex"> <img class="radius-full align-middle" src="https://media2.dev.to/dynamic/image/width=50,height=50,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1603787%2F6be93ba3-b2fd-4da5-a217-8ee7d88bf1e6.png" width="24" height="24" alt="johan sydseter" /> </a> </div> <div class="pl-3 flex-1"> <a href="/sydseter" class="crayons-link fw-bold">johan sydseter</a> <span class="color-base-60"> for </span><a href="/owasp" class="crayons-link">OWASP® Foundation</a> <p class="fs-xs color-base-60"> Posted on <time datetime="2024-06-10T13:23:30Z" class="date">Jun 10, 2024</time> &bull; Edited on <time datetime="2025-02-18T16:35:00Z" class="date-no-year">Feb 18</time> &bull; Originally published at <a style="color:#1395b8" href="https://cornucopia.owasp.org/news/20240609-owasp-cornucopia20">cornucopia.owasp.org</a> </p> </div> </div> </div> <div class="multiple_reactions_engagement"> <span class="reaction_engagement_like hidden"> <img src="https://assets.dev.to/assets/sparkle-heart-5f9bee3767e18deb1bb725290cb151c25234768a0e9a2bd39370c382d02920cf.svg" width="24" height="24" /> <span id="reaction_engagement_like_count">&nbsp;</span> </span> <span class="reaction_engagement_unicorn hidden"> <img src="https://assets.dev.to/assets/multi-unicorn-b44d6f8c23cdd00964192bedc38af3e82463978aa611b4365bd33a0f1f4f3e97.svg" width="24" height="24" /> <span id="reaction_engagement_unicorn_count">&nbsp;</span> </span> <span class="reaction_engagement_exploding_head hidden"> <img src="https://assets.dev.to/assets/exploding-head-daceb38d627e6ae9b730f36a1e390fca556a4289d5a41abb2c35068ad3e2c4b5.svg" width="24" height="24" /> <span id="reaction_engagement_exploding_head_count">&nbsp;</span> </span> <span class="reaction_engagement_raised_hands hidden"> <img src="https://assets.dev.to/assets/raised-hands-74b2099fd66a39f2d7eed9305ee0f4553df0eb7b4f11b01b6b1b499973048fe5.svg" width="24" height="24" /> <span id="reaction_engagement_raised_hands_count">&nbsp;</span> </span> <span class="reaction_engagement_fire hidden"> <img src="https://assets.dev.to/assets/fire-f60e7a582391810302117f987b22a8ef04a2fe0df7e3258a5f49332df1cec71e.svg" width="24" height="24" /> <span id="reaction_engagement_fire_count">&nbsp;</span> </span> </div> <h1 class=" fs-3xl m:fs-4xl l:fs-5xl fw-bold s:fw-heavy lh-tight mb-2 short"> OWASP® Cornucopia 2.0 </h1> <div class="spec__tags flex flex-wrap"> <a class="crayons-tag " style=" --tag-bg: rgba(59, 73, 223, 0.10); --tag-prefix: #3b49df; --tag-bg-hover: rgba(59, 73, 223, 0.10); --tag-prefix-hover: #3b49df; " href="/t/owasp"><span class="crayons-tag__prefix">#</span>owasp</a> <a class="crayons-tag " style=" --tag-bg: rgba(59, 73, 223, 0.10); --tag-prefix: #3b49df; --tag-bg-hover: rgba(59, 73, 223, 0.10); --tag-prefix-hover: #3b49df; " href="/t/applicationsecurity"><span class="crayons-tag__prefix">#</span>applicationsecurity</a> <a class="crayons-tag " style=" --tag-bg: rgba(59, 73, 223, 0.10); --tag-prefix: #3b49df; --tag-bg-hover: rgba(59, 73, 223, 0.10); --tag-prefix-hover: #3b49df; " href="/t/cornucopia"><span class="crayons-tag__prefix">#</span>cornucopia</a> <a class="crayons-tag " style=" --tag-bg: rgba(227, 255, 0, 0.10); --tag-prefix: #e3ff00; --tag-bg-hover: rgba(227, 255, 0, 0.10); --tag-prefix-hover: #e3ff00; " href="/t/cybersecurity"><span class="crayons-tag__prefix">#</span>cybersecurity</a> </div> </div> </header> <div class="crayons-article__main "> <nav class="series-switcher crayons-card crayons-card--secondary"> <header class="crayons-card__header"> <h2 class="crayons-subtitle-2"> <a href="/sydseter/series/30388">OWASP Cornucopia (5 Part Series)</a> </h2> </header> <div class="series-switcher__list"> <a href="/owasp/owaspr-cornucopia-20-3p46" class="crayons-link crayons-link--contentful series-switcher__link series-switcher__link--active " data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feurilof1q1akw84nvgq4.jpg" title="Published Jun 10 &#39;24"> <span class="series-switcher__num">1</span> <span class="series-switcher__title">OWASP® Cornucopia 2.0</span> </a> <a href="/owasp/create-your-own-card-game-with-owaspr-cornucopia-2a9j" class="crayons-link crayons-link--contentful series-switcher__link " data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftpl8sqxagozs5l1ddq84.jpg" title="Published Jun 17 &#39;24"> <span class="series-switcher__num">2</span> <span class="series-switcher__title">Create your own card game with OWASP® Cornucopia</span> </a> <a href="/owasp/how-to-do-threat-modeling-for-agile-mobile-app-development-28ki" class="crayons-link crayons-link--contentful series-switcher__link " data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd3vpwd32npkgt078zrio.gif" title="Published Feb 6"> <span class="series-switcher__num">3</span> <span class="series-switcher__title">How to do threat modeling for agile mobile app development?</span> </a> <a href="/owasp/how-to-pass-the-owasp-masvs-verification-by-design-2cf9" class="crayons-link crayons-link--contentful series-switcher__link " data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbnowo8weds3w40gx89of.jpg" title="Published Feb 14"> <span class="series-switcher__num">4</span> <span class="series-switcher__title">How to pass the OWASP MASVS verification by design</span> </a> <a href="/owasp/owaspr-cornucopia-website-app-21-mobile-app-11-2fj3" class="crayons-link crayons-link--contentful series-switcher__link " data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhcoh0vux1873mchspiew.gif" title="Published Feb 14"> <span class="series-switcher__num">5</span> <span class="series-switcher__title">OWASP® Cornucopia Website App 2.1 &amp; Mobile App 1.1!</span> </a> </div> </nav> <div class="crayons-article__body text-styles spec__body" data-article-id="1883257" id="article-body"> <h2> <a name="i-started-out-as-a-web-designer-16-years-ago-and-my-first-website-got-brutally-hacked-not-once-but-three-times-i-learned-the-hard-way-about-the-importance-of-threat-modeling-and-having%C2%A0backups" href="#i-started-out-as-a-web-designer-16-years-ago-and-my-first-website-got-brutally-hacked-not-once-but-three-times-i-learned-the-hard-way-about-the-importance-of-threat-modeling-and-having%C2%A0backups"> </a> <em>I started out as a web designer 16 years ago and my first website got brutally hacked, not once, but three times. I learned the hard way about the importance of threat modeling and having backups.</em> </h2> <p><a href="https://github.com/OWASP/cornucopia/releases/tag/v2.0.0" target="_blank" rel="noopener noreferrer">OWASP® Cornucopia 2.0</a></p> <p>Today, as one of the co-leaders for OWASP® Cornucopia together with Colin Watson and and Grant Ongers, I am very proud to share that we finally, with lots of help from contributors, supporters and backers and OWASPs hardworking employees are releasing OWASP® Cornucopia 2.0.</p> <p>Why is this important and why should you care about this? First of all, as Adam Shostack would put it..</p> <blockquote> <p>“You never are going to have a better time than when people are having fun and talking to you.”</p> </blockquote> <p>OWASP® Cornucopia is a threat modeling tool in the form of a card game to assist software development teams identify security requirements in Agile, conventional and formal development processes. It strives to be language, platform and technology-agnostic.</p> <p>It’s one of the few tools that connects threat modeling with OWASP ASVS, MASVS, MASTG, SAFECode, SCP and CAPEC and helps to identify security requirements, come up with a security design and a threat model without any prior knowledge of any of this.</p> <p><strong><em>How? OWASP® Cornucopia is open, democratic and agile, and that’s why it works.</em></strong></p> <p>At Admincontrol, we had been struggling for quite a while to get all our teams to do regularly threat-modeling sessions. It’s not that we weren’t able to do them it’s more that we didn’t see <strong>active participation</strong> during our threat modeling sessions. Either I would be the only one talking or I would be the only one coming up with threats and mitigations during the threat modeling sessions.<br><br> The initiative always had to come from me. If I didn’t take the initiative for the sessions, they wouldn’t happen. But we thought that it’s not like everybody has the same experience and knowledge about threat modeling.<br><br> Perhaps the teams lack training and knowledge about threat modeling? Perhaps it’s normal that not everybody can’t participate equally?<br><br> So we tried to increase and spread the knowledge about threat modeling, but no matter what we would do, it wouldn’t change the nature of the sessions.<br><br> We did <strong>presentations</strong> on threat modeling.<br><br> We <strong>trained</strong> security champions in doing threat modeling.<br><br> We attended a large amount of <strong>follow-up meetings</strong> and <strong>online sessions</strong> together with the teams.<br><br> We did threat-modeling on the <strong>weekly security forums</strong>.<br><br> We even submitted ISO 27001 ISMS security incidents on non-compliance to the project managers.</p> <p><strong><em>At a certain point I just had enough.</em></strong></p> <p>I remember, I was in a session together with one of the teams and It was like I was watching myself from the outside of my body while I was talking, saying the exact same thing I had said 100 times before and I could see one of the poor people participating, falling asleep, while I was talking.</p> <p>If you have people in the meeting falling asleep, then that is not their fault, doesn’t matter how little they may have slept the night before really, because if you have the people in your meeting engaged and in a dialog with you, then that won’t happen. So that was on me, I had fallen in the trap of starting lecturing the people in the sessions. If anybody here have kids you may have experienced that if you start lecturing them, they very rarely listen, but lecturing adults is not only stupid it’s also disrespectful. If you want engaging and meaningful conversations you need active participation from all parties.</p> <p>So I wanted participation in the meetings. I wanted the teams to take the initiative and I wanted the people participating to learn something from them and take something with them back.</p> <p>Now, after having used OWASP® Cornucopia for awhile, I can say that we have a lot more conversations during our threat modeling sessions then we used to. The teams themselves takes the initiative for threat modeling creates the threat models and come up with the threats that they need to mitigate. They take a lot more ownership, not only over the security requirement gathering and security design, but the functional testers have also started to do a lot more penetration testing. We are not that dependent any longer on having an external company doing penetration testing for us, and we are discovering more security issues earlier during development. thereby, reducing time to market and the number of defects found after the release.</p> <p>From having these Cornucopia sessions we have learned that delegation of security requirement gathering, threat modeling and security planning is possible. The less we intervene, the better the overall quality of the sessions. As we are able to delegate the threat modeling to the teams we get an increased capacity for process improvement, facilitation, and we decrease the time-to-marked and number of production defects. From having these sessions we have also learned that everyone can actively participate regardless of their knowledge and experience, even the QA testers and project managers scores points and win rounds for threats in the game. And it can be fun too!</p> <p><em><strong>But what about the <a href="https://github.com/OWASP/cornucopia/releases/tag/v2.0.0" target="_blank" rel="noopener noreferrer">OWASP® Cornucopia 2.0 release</a>?</strong></em></p> <p>Firstly, the formerly called “Cornucopia — Ecommerce Website Edition” is now called “Cornucopia — Website App Edition”. This edition was originally created in August 2012, released as v1.0 in February 2013 and has previously undergone a number of minor updates/releases in the following ten years. This has been substantially updated in today’s release of v2.0, in which the most noticeable change has been to update the OWASP ASVS mapping from ASVS v3.0 to v4.0. Further work on the data and code to generate the files for the cards themselves, the cases and folded leaflet and the legacy guide document has been undertaken, and this code also generates cards/cases/leaflets in two physical sizes. The smaller is often referred to as “bridge-sized cards” and the larger as “Tarot-sized cards”. All these v2.0 files are immediately available in six languages (EN, ES, FR, NL, NO-NB and PT-BR) due to efforts of past and current volunteers.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvz2i6z6zyzyleuq6d2gx.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvz2i6z6zyzyleuq6d2gx.jpg" alt="The new Website App Edition comes in two sizes: bridge and tarot" loading="lazy" width="800" height="400"></a></p> <p>Secondly, as a result of other significant effort, there is now a completely new edition for threat modelling mobile apps. This “Cornucopia — Mobile App Edition” is released as v1.0 and is mapped to the OWASP Mobile Application Security Verification Standard (MASVS v2.0) and OWASP Mobile Application Security Testing Guide (MASTG) v1.7, and is available, initially, in one language (EN), and in two physical sizes. Like the original, this completely new edition of Cornucopia also has six suits of 13 cards plus two jokers, with the suit names drawn from MASVS: Platform &amp; Code (PC), Authentication &amp; Authorization (AA), Network &amp; Storage (NS), Resilience (RS), Cryptography (CRM) and Cornucopia (COM).</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwf2dyo10lxf6jaacumlr.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwf2dyo10lxf6jaacumlr.jpg" alt="The new Cornucopia Mobile App Edition 1.0" loading="lazy" width="800" height="400"></a></p> <p>The new Cornucopia Mobile App Edition 1.0</p> <p>Both releases also have newly updated case designs.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdly8j37to2f6czbt5ely.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdly8j37to2f6czbt5ely.jpg" alt="Two new Cornucopia case designs" loading="lazy" width="800" height="400"></a></p> <p>Two new Cornucopia case designs</p> <p>Finally, we are releasing a brand new website called “Copi”, available from <a href="https://copi.owasp.org" target="_blank" rel="noopener noreferrer">https://copi.owasp.org</a> for online collaboration and gaming where you and your team can play both these games even if you are present in different locations.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxrl8t596c3ejyogw8qrn.PNG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxrl8t596c3ejyogw8qrn.PNG" alt="https://copi.owasp.org" loading="lazy" width="800" height="370"></a></p> <p>You can download printable files from <a href="https://github.com/OWASP/cornucopia/releases/tag/v2.0.0" target="_blank" rel="noopener noreferrer">https://github.com/OWASP/cornucopia/releases/tag/v2.0.0</a></p> <p>We thank everyone who has contributed to OWASP® Cornucopia over the years, without whom these latest releases would not have been possible.</p> <p>For more information about OWASP® Cornucopia, please visit: <a href="https://cornucopia.owasp.org/" target="_blank" rel="noopener noreferrer">https://cornucopia.owasp.org/</a></p> <p>Later this month OWASP® Cornucopia is taking part in the project showcase track at <a href="https://owaspglobalappseclisbon2024.sched.com/event/1dmvE/owasp-cornucopia" target="_blank" rel="noopener noreferrer">OWASP Global AppSec Lisbon 2024</a>.</p> <hr> <p>Learn how to play OWASP Cornucopia:</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/XXTPXozIHow" allowfullscreen loading="lazy"> </iframe> </p> <hr> <p><a href="https://owasp.org" target="_blank" rel="noopener noreferrer">OWASP</a> is a non-profit foundation that envisions a world with no more insecure software. Our mission is to be the global open community that powers secure software through education, tools, and collaboration. We maintain hundreds of open source projects, run industry-leading educational and training conferences, and meet through over 250 chapters worldwide.</p> </div> <nav class="series-switcher crayons-card crayons-card--secondary"> <header class="crayons-card__header"> <h2 class="crayons-subtitle-2"> <a href="/sydseter/series/30388">OWASP Cornucopia (5 Part Series)</a> </h2> </header> <div class="series-switcher__list"> <a href="/owasp/owaspr-cornucopia-20-3p46" class="crayons-link crayons-link--contentful series-switcher__link series-switcher__link--active " data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feurilof1q1akw84nvgq4.jpg" title="Published Jun 10 &#39;24"> <span class="series-switcher__num">1</span> <span class="series-switcher__title">OWASP® Cornucopia 2.0</span> </a> <a href="/owasp/create-your-own-card-game-with-owaspr-cornucopia-2a9j" class="crayons-link crayons-link--contentful series-switcher__link " data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftpl8sqxagozs5l1ddq84.jpg" title="Published Jun 17 &#39;24"> <span class="series-switcher__num">2</span> <span class="series-switcher__title">Create your own card game with OWASP® Cornucopia</span> </a> <a href="/owasp/how-to-do-threat-modeling-for-agile-mobile-app-development-28ki" class="crayons-link crayons-link--contentful series-switcher__link " data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd3vpwd32npkgt078zrio.gif" title="Published Feb 6"> <span class="series-switcher__num">3</span> <span class="series-switcher__title">How to do threat modeling for agile mobile app development?</span> </a> <a href="/owasp/how-to-pass-the-owasp-masvs-verification-by-design-2cf9" class="crayons-link crayons-link--contentful series-switcher__link " data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbnowo8weds3w40gx89of.jpg" title="Published Feb 14"> <span class="series-switcher__num">4</span> <span class="series-switcher__title">How to pass the OWASP MASVS verification by design</span> </a> <a href="/owasp/owaspr-cornucopia-website-app-21-mobile-app-11-2fj3" class="crayons-link crayons-link--contentful series-switcher__link " data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhcoh0vux1873mchspiew.gif" title="Published Feb 14"> <span class="series-switcher__num">5</span> <span class="series-switcher__title">OWASP® Cornucopia Website App 2.1 &amp; Mobile App 1.1!</span> </a> </div> </nav> <div class="js-billboard-container body-billboard-container" data-async-url="/owasp/owaspr-cornucopia-20-3p46/bb-2/post_body_bottom"></div> </div> <section id="comments" data-follow-button-container="true" data-updated-at="2025-02-21 08:06:30 UTC" class="text-padding mb-4 border-t-1 border-0 border-solid border-base-10"> <header class="relative flex justify-between items-center mb-6"> <div class="flex items-center"> <h2 class="crayons-subtitle-1"> Top comments <span class="js-comments-count" data-comments-count="1">(1)</span> </h2> </div> <div id="comment-subscription" class="print-hidden"> <div class="crayons-btn-group"> <span class="crayons-btn crayons-btn--outlined">Subscribe</span> </div> </div> </header> <div id="billboard_delay_trigger"></div> <div id="comments-container" data-testid="comments-container" data-commentable-id="1883257" data-commentable-type="Article" data-has-recent-comment-activity="false"> <div id="response-templates-data" class="hidden"></div> <form class="comment-form print-hidden" id="new_comment" action="/comments" accept-charset="UTF-8" method="post"><input name="utf8" type="hidden" value="&#x2713;" autocomplete="off" /> <input type="hidden" name="authenticity_token" value="NOTHING" id="new_comment_authenticity_token"> <input value="1883257" autocomplete="off" type="hidden" name="comment[commentable_id]" id="comment_commentable_id" /> <input value="Article" autocomplete="off" type="hidden" name="comment[commentable_type]" id="comment_commentable_type" /> <span class="crayons-avatar m:crayons-avatar--l mr-2 shrink-0"> <img src="https://media2.dev.to/dynamic/image/width=256,height=,fit=scale-down,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8j7kvp660rqzt99zui8e.png" width="32" height="32" alt="pic" class="crayons-avatar__image overflow-hidden" id="comment-primary-user-profile--avatar" loading="lazy" /> </span> <div class="comment-form__inner"> <div class="comment-form__field" data-tracking-name="comment_form_textfield"> <textarea placeholder="Add to the discussion" onfocus="handleFocus(event)" onkeyup="handleKeyUp(event)" onkeydown="handleKeyDown(event)" oninput="handleChange(event)" id="text-area" required="required" class="crayons-textfield comment-textarea crayons-textfield--ghost" aria-label="Add a comment to the discussion" name="comment[body_markdown]"> </textarea> </div> <div class="response-templates-container crayons-card crayons-card--secondary p-4 mb-4 comment-form__templates fs-base hidden"> <header class="mb-3"> <button type="button" class="crayons-btn personal-template-button active" data-target-type="personal" data-form-id="new_comment">Personal</button> <button type="button" class="crayons-btn moderator-template-button hidden" data-target-type="moderator" data-form-id="new_comment">Trusted User</button> </header> <div class="personal-responses-container"> </div> <div class="moderator-responses-container hidden"> </div> <a target="_blank" rel="noopener nofollow" href="/settings/response-templates"> Create template </a> <p>Templates let you quickly answer FAQs or store snippets for re-use.</p> </div> <div class="comment-form__preview text-styles text-styles--secondary" id="preview-div"></div> <div class="comment-form__buttons mb-4"> <button type="submit" class="crayons-btn mr-2 js-btn-enable" onclick="validateField(event)" data-tracking-name="comment_submit_button" disabled>Submit</button> <button type="button" class="preview-toggle crayons-btn crayons-btn--secondary comment-action-preview js-btn-enable mr-2" data-tracking-name="comment_preview_button" disabled>Preview</button> <a href="/404.html" class="dismiss-edit-comment crayons-btn crayons-btn--ghost js-btn-dismiss hidden">Dismiss</a> </div> </div> <div class="code-of-conduct" id="toggle-code-of-conduct-checkbox"></div> </form> <div class="comments" id="comment-trees-container"> <details class="comment-wrapper js-comment-wrapper comment-wrapper--deep-0 root " open> <summary aria-label="Toggle this comment (and replies)" data-tracking-name="expand_comment_toggle"> <span class="m:mx-1 inline-block align-middle"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" role="img" aria-labelledby="agmcuhhpwt9fmy9lt8xpw5dtsfy4vmji" class="crayons-icon expanded"><title id="agmcuhhpwt9fmy9lt8xpw5dtsfy4vmji">Collapse</title> <path d="M12 10.677L8 6.935 9 6l3 2.807L15 6l1 .935-4 3.742zm0 4.517L9 18l-1-.935 4-3.742 4 3.742-1 .934-3-2.805z"></path> </svg> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" role="img" aria-labelledby="a1p8kaqnxer2odxeqs7n89gsrdqucqnt" class="crayons-icon collapsed"><title id="a1p8kaqnxer2odxeqs7n89gsrdqucqnt">Expand</title> <path d="M12 18l-4-3.771 1-.943 3 2.829 3-2.829 1 .943L12 18zm0-10.115l-3 2.829-1-.943L12 6l4 3.771-1 .942-3-2.828z"></path> </svg> </span> <span class="js-collapse-comment-content inline-block align-middle"></span> </summary> <div id="comment-node-1192119" class=" comment single-comment-node root comment--deep-0 " data-comment-id="1192119" data-path="/owasp/owaspr-cornucopia-20-3p46/comments/2flcj" data-comment-author-id="264" data-content-user-id="264"> <a name="comment-2flcj" style="position: absolute; top: -8px;">&nbsp;</a> <div class="comment__inner"> <a href="https://dev.to/jess" class="shrink-0 crayons-avatar m:crayons-avatar--l mt-4 m:mt-3"> <img class="crayons-avatar__image" width="32" height="32" src="https://media2.dev.to/dynamic/image/width=50,height=50,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F264%2F40d89fb9-4de0-414d-8a06-f52ddda0bc75.jpg" alt="jess profile image" loading="lazy" /> </a> <div class="inner-comment comment__details"> <div class="comment__content crayons-card"> <div class="comment__header"> <a href="https://dev.to/jess" class="crayons-link crayons-link--secondary flex items-center fw-medium m:hidden"> <span class="js-comment-username">Jess Lee</span> </a> <div class="profile-preview-card relative mb-4 s:mb-0 fw-medium hidden m:block"> <button id="comment-profile-preview-trigger-1192119" aria-controls="comment-profile-preview-content-1192119" class="profile-preview-card__trigger p-1 -my-1 -ml-1 crayons-btn crayons-btn--ghost" aria-label="Jess Lee profile details"> Jess Lee <a style="display: inline;" href="/++"><img alt="Subscriber" class="subscription-icon" src="https://assets.dev.to/assets/subscription-icon-805dfa7ac7dd660f07ed8d654877270825b07a92a03841aa99a1093bd00431b2.png" /></a> </button> <div id="comment-profile-preview-content-1192119" class="profile-preview-card__content p-4 pt-0 branded-7 crayons-dropdown" style="--card-color: #20908e; border-top-color: var(--card-color);" data-testid="profile-preview-card" data-repositioning-dropdown="true"> <div class="gap-4 grid"> <div class="-mt-4"> <a href="/jess" class="flex"> <span class="crayons-avatar crayons-avatar--xl mr-2 shrink-0"> <img src="https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F264%2F40d89fb9-4de0-414d-8a06-f52ddda0bc75.jpg" class="crayons-avatar__image" alt="" loading="lazy" /> </span> <span class="crayons-link crayons-subtitle-2 mt-5"> Jess Lee <img class="subscription-icon" src="https://assets.dev.to/assets/subscription-icon-805dfa7ac7dd660f07ed8d654877270825b07a92a03841aa99a1093bd00431b2.png" /> </span> </a> </div> <div class="print-hidden"> <button name="button" type="button" data-info="{&quot;className&quot;:&quot;User&quot;,&quot;style&quot;:&quot;&quot;,&quot;id&quot;:264,&quot;name&quot;:&quot;Jess Lee&quot;}" class="crayons-btn follow-action-button whitespace-nowrap w-100 follow-user" aria-label="Follow user: Jess Lee" aria-pressed="false">Follow</button> </div> <div class="color-base-70"> Building DEV and Forem with everyone here. Interested in the future. </div> <div class="user-metadata-details"> <ul class="user-metadata-details-inner"> <li> <div class="key"> Email </div> <div class="value"> <a href="mailto:jess@forem.com">jess@forem.com</a> </div> </li> <li> <div class="key"> Location </div> <div class="value"> Taiwan </div> </li> <li> <div class="key"> Pronouns </div> <div class="value"> she/her </div> </li> <li> <div class="key"> Work </div> <div class="value"> Co-Founder &amp; COO at Forem </div> </li> <li> <div class="key"> Joined </div> <div class="value"> <time datetime="2016-07-29T02:34:27Z" class="date">Jul 29, 2016</time> </div> </li> </ul> </div> </div> </div> </div> <span class="color-base-30 px-2 m:pl-0" role="presentation">&bull;</span> <a href="https://dev.to/owasp/owaspr-cornucopia-20-3p46#comment-2flcj" class="comment-date crayons-link crayons-link--secondary fs-s"> <time datetime="2024-06-10T15:39:08Z" class=date-short-year> Jun 10 &#39;24 </time> <span class="hidden m:inline-block">&bull; Edited on <time datetime="2024-06-10T15:39:16Z" class="date-no-year">Jun 10</time></span> <span class="m:hidden">&bull; Edited</span> </a> <div class="comment__dropdown" data-tracking-name="comment_dropdown"> <button id="comment-dropdown-trigger-1192119" aria-controls="comment-dropdown-1192119" aria-expanded="false" class="dropbtn comment__dropdown-trigger crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon " aria-label="Toggle dropdown menu" aria-haspopup="true"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" role="img" aria-labelledby="a38idrv4nectcy4p80s3r34w63n2awkd" class="crayons-icon pointer-events-none"><title id="a38idrv4nectcy4p80s3r34w63n2awkd">Dropdown menu</title> <path fill-rule="evenodd" clip-rule="evenodd" d="M8.25 12a1.5 1.5 0 11-3 0 1.5 1.5 0 013 0zm5.25 0a1.5 1.5 0 11-3 0 1.5 1.5 0 013 0zm3.75 1.5a1.5 1.5 0 100-3 1.5 1.5 0 000 3z"></path> </svg> </button> <div id="comment-dropdown-1192119" class="crayons-dropdown right-1 s:right-0 s:left-auto fs-base dropdown"> <ul class="m-0"> <li><a href="https://dev.to/owasp/owaspr-cornucopia-20-3p46#comment-2flcj" class="crayons-link crayons-link--block permalink-copybtn" aria-label="Copy link to Jess Lee&#39;s comment" data-no-instant>Copy link</a></li> <li class="comment-actions hidden" data-user-id="264" data-action="settings-button" data-path="https://dev.to/jess/comment/2flcj/settings" aria-label="Go to Jess Lee&#39;s comment settings"></li> <li class="comment-actions hidden" data-action="hide-button" data-commentable-user-id="1603787" data-user-id="264"> <button class="flex justify-between crayons-link crayons-link--block w-100 bg-transparent border-0 hide-comment" data-hide-type="hide" data-comment-id="1192119" data-comment-url="https://dev.to/jess/comment/2flcj" aria-label="Hide Jess Lee&#39;s comment"> Hide </button> </li> <li class="mod-actions hidden mod-actions-comment-button" data-path="https://dev.to/jess/comment/2flcj/mod" aria-label="Moderate Jess Lee&#39;s comment"></li> <li class="report-abuse-link-wrapper" data-path="/report-abuse?url=https://dev.to/jess/comment/2flcj" aria-label="Report Jess Lee&#39;s comment as abusive or violating our code of conduct and/or terms and conditions"></li> <li class="current-user-actions"></li> </ul> </div> </div> </div> <div class=" comment__body text-styles text-styles--secondary body "> <p>This is really cool, thank you for sharing. Congrats on the release!</p> </div> </div> <script> </script> <footer class="comment__footer print-hidden"> <button class="crayons-tooltip__activator crayons-btn crayons-btn--ghost crayons-btn--icon-left crayons-btn--s mr-1 reaction-like inline-flex reaction-button" id="button-for-comment-1192119" data-comment-id="1192119" aria-label="like" data-tracking-name="comment_heart_button"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" role="img" aria-labelledby="a5srssxe8f59x1a33gxapzj3tmxp0brd" class="crayons-icon reaction-icon not-reacted"><title id="a5srssxe8f59x1a33gxapzj3tmxp0brd">Like comment: </title><path d="M18.884 12.595l.01.011L12 19.5l-6.894-6.894.01-.01A4.875 4.875 0 0112 5.73a4.875 4.875 0 016.884 6.865zM6.431 7.037a3.375 3.375 0 000 4.773L12 17.38l5.569-5.569a3.375 3.375 0 10-4.773-4.773L9.613 10.22l-1.06-1.062 2.371-2.372a3.375 3.375 0 00-4.492.25v.001z"></path></svg> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" role="img" aria-labelledby="a506baqlcetfweiwm4xcvix8vn124zmo" class="crayons-icon crayons-icon reaction-icon--like reaction-icon reacted"><title id="a506baqlcetfweiwm4xcvix8vn124zmo">Like comment: </title> <path d="M5.116 12.595a4.875 4.875 0 015.56-7.68h-.002L7.493 8.098l1.06 1.061 3.181-3.182a4.875 4.875 0 016.895 6.894L12 19.5l-6.894-6.894.01-.01z"></path> </svg> <span class="reactions-count">2</span><span class="reactions-label hidden m:inline-block">&nbsp;likes</span> <span data-testid="tooltip" class="crayons-tooltip__content"> Like </span> </button> <a class="actions crayons-btn crayons-btn--ghost crayons-btn--s crayons-btn--icon-left toggle-reply-form mr-1 inline-flex" href="#/owasp/owaspr-cornucopia-20-3p46/comments/new/2flcj" data-comment-id="1192119" data-path="/owasp/owaspr-cornucopia-20-3p46/comments/2flcj" data-tracking-name="comment_reply_button" data-testid="reply-button-1192119" rel="nofollow"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" role="img" aria-labelledby="at2hik6jw3iz6x3ueamyqlu726ww9k7i" class="crayons-icon reaction-icon not-reacted"><title id="at2hik6jw3iz6x3ueamyqlu726ww9k7i">Comment button</title><path d="M10.5 5h3a6 6 0 110 12v2.625c-3.75-1.5-9-3.75-9-8.625a6 6 0 016-6zM12 15.5h1.5a4.501 4.501 0 001.722-8.657A4.5 4.5 0 0013.5 6.5h-3A4.5 4.5 0 006 11c0 2.707 1.846 4.475 6 6.36V15.5z"></path></svg> <span class="hidden m:inline-block">Reply</span> </a> </footer> </div> </div> </div> </details> </div> </div> <div class="align-center"> <nav class="fs-s align-center block" aria-label="Conduct controls"> <a href="/code-of-conduct" class="crayons-link crayons-link--secondary">Code of Conduct</a> <span class="opacity-25 px-2" role="presentation">&bull;</span> <a href="/report-abuse" class="crayons-link crayons-link--secondary">Report abuse</a> </nav> </div> </section> <div id="hide-comments-modal" class="hidden"> <form id="hide-comments-modal__form" class="hide-comments-modal__form" data-type="json" action="/comments/hide" accept-charset="UTF-8" data-remote="true" method="post"><input name="utf8" type="hidden" value="&#x2713;" autocomplete="off" /><input type="hidden" name="_method" value="patch" autocomplete="off" /><input type="hidden" name="authenticity_token" value="P4ib1Vj8kv7Jk6oQQNYTwwE7l2uLrdylBCdk1dBS1T-0E3Ah67AUoyf9M85-vkK_TOv05BuhX7ZkbwCUbVdJ-w" autocomplete="off" /> <div class="hide-comments-modal__content"> <p class="pb-2"> Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's <a id="hide-comments-modal__comment-permalink" href="#">permalink</a>. </p> <label class="crayons-field crayons-field--checkbox my-2"> <input name="hide_children" type="hidden" value="0" autocomplete="off" /><input class="hide_children crayons-checkbox" type="checkbox" value="1" name="hide_children" id="hide_children" /> <p class="crayons-field__label">Hide child comments as well</p> </label> <p class="pb-4 pt-2"> <button type="submit" class="crayons-btn"> Confirm </button> </p> </div> </form> <p class="fs-s color-base-60">For further actions, you may consider blocking this person and/or <a id="hide-comments-modal__report-link" href="/report-abuse">reporting abuse</a></p> </div> </article> <div class="pb-4 crayons-layout__comments-billboard"> <div class="js-billboard-container pb-4 crayons-layout__comments-billboard" data-async-url="/owasp/owaspr-cornucopia-20-3p46/bb-2/post_comments"></div> </div> <section class="crayons-card crayons-card--secondary text-padding mb-4 print-hidden" id="bottom-content-read-next"> <h2 class="crayons-subtitle-1">Read next</h2> <a href="/syncfusion/how-to-add-a-context-menu-to-net-maui-listview-45k8" data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs8txyb56v8jnd14vkoer.png" class="crayons-link mt-6 block"> <div class="flex items-center"> <span class="crayons-avatar crayons-avatar--xl m:crayons-avatar--2xl mr-4 shrink-0"> <img loading="lazy" alt="calvinceawitim profile image" class="crayons-avatar__image" width="100" height="100" src="https://media2.dev.to/dynamic/image/width=100,height=100,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2291171%2F848b22b8-80f6-4883-bc8b-17a7faec0136.jpg" /> </span> <div> <h3 class="fs-xl mb-0 lh-tight">How to Add a Context Menu to .NET MAUI ListView?</h3> <p class="opacity-75 pt-1"> Calvince Moth - <time datetime="2025-02-17T12:59:58Z">Feb 17</time> </p> </div> </div> </a> <a href="/syncfusion/top-5-free-javascript-pdf-viewers-for-developers-in-2025-2ac6" data-preload-image="https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F65rbq5pkv37xgzqiuzy9.png" class="crayons-link mt-6 block"> <div class="flex items-center"> <span class="crayons-avatar crayons-avatar--xl m:crayons-avatar--2xl mr-4 shrink-0"> <img loading="lazy" alt="calvinceawitim profile image" class="crayons-avatar__image" width="100" height="100" src="https://media2.dev.to/dynamic/image/width=100,height=100,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2291171%2F848b22b8-80f6-4883-bc8b-17a7faec0136.jpg" /> </span> <div> <h3 class="fs-xl mb-0 lh-tight">Top 5 Free JavaScript PDF Viewers for Developers in 2025</h3> <p class="opacity-75 pt-1"> Calvince Moth - <time datetime="2025-02-17T13:19:20Z">Feb 17</time> </p> </div> </div> </a> <a href="/d_thiranjaya_6d3ec4552111/nodejs-performance-essential-tips-and-tricks-for-developers-2870" data-preload-image="" class="crayons-link mt-6 block"> <div class="flex items-center"> <span class="crayons-avatar crayons-avatar--xl m:crayons-avatar--2xl mr-4 shrink-0"> <img loading="lazy" alt="d_thiranjaya_6d3ec4552111 profile image" class="crayons-avatar__image" width="100" height="100" src="https://media2.dev.to/dynamic/image/width=100,height=100,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2735703%2Fc4212c79-3e5b-449e-b45c-953a51a44f5b.jpg" /> </span> <div> <h3 class="fs-xl mb-0 lh-tight">🚀 Node.js Performance: Essential Tips and Tricks for Developers</h3> <p class="opacity-75 pt-1"> Pawani Madushika - <time datetime="2025-02-18T01:06:18Z">Feb 18</time> </p> </div> </div> </a> <a href="/d_thiranjaya_6d3ec4552111/testing-strategies-essential-tips-and-tricks-for-developers-h2f" data-preload-image="" class="crayons-link mt-6 block"> <div class="flex items-center"> <span class="crayons-avatar crayons-avatar--xl m:crayons-avatar--2xl mr-4 shrink-0"> <img loading="lazy" alt="d_thiranjaya_6d3ec4552111 profile image" class="crayons-avatar__image" width="100" height="100" src="https://media2.dev.to/dynamic/image/width=100,height=100,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2735703%2Fc4212c79-3e5b-449e-b45c-953a51a44f5b.jpg" /> </span> <div> <h3 class="fs-xl mb-0 lh-tight">🚀 Testing Strategies: Essential Tips and Tricks for Developers</h3> <p class="opacity-75 pt-1"> Pawani Madushika - <time datetime="2025-02-17T01:09:17Z">Feb 17</time> </p> </div> </div> </a> </section> </div> </main> <aside class="crayons-layout__sidebar-right" aria-label="Author details"> <div class="crayons-article-sticky grid gap-4 pb-4 break-word" id="article-show-primary-sticky-nav"> <div class="crayons-card crayons-card--secondary branded-7 p-4 pt-0 gap-4 grid" style="border-top-color: #000000;"> <div class="-mt-4"> <a href="/owasp" class="flex"> <span class="crayons-logo crayons-logo--xl mr-2 shrink-0"> <img src="https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F3468%2F0b3561bb-9ac3-413f-baaa-5014181e4b4d.jpg" class="crayons-logo__image" alt="" loading="lazy" /> </span> <span class="crayons-link crayons-subtitle-2 mt-5"> OWASP® Foundation </span> </a> </div> <div class="print-hidden"> <button name="button" type="button" data-info="{&quot;className&quot;:&quot;Organization&quot;,&quot;style&quot;:&quot;&quot;,&quot;id&quot;:3468,&quot;name&quot;:&quot;OWASP® Foundation&quot;}" class="crayons-btn follow-action-button whitespace-nowrap w-100 " aria-label="Follow organization: OWASP® Foundation" aria-pressed="false">Follow</button> </div> <div class="color-base-70"> No more insecure software. </div> <div> <p>Joining OWASP as a member sustains our mission, and enables you to network and collaborate with other security-minded professionals, as we imagine a world with No More Insecure Software.</p> </div> <div> <a href="https://owasp.org/membership/" class="crayons-btn crayons-btn--outlined w-100"> Join OWASP </a> </div> </div> <div class="crayons-card crayons-card--secondary"> <header class="crayons-card__header"> <h3 class="crayons-subtitle-2"> More from <a href="/owasp">OWASP® Foundation</a> </h3> </header> <div> <a class="crayons-link crayons-link--contentful" href="/owasp/how-to-pass-the-owasp-masvs-verification-by-design-2cf9"> How to pass the OWASP MASVS verification by design <div class="crayons-link__secondary -ml-1"> <span class="mr-1"><span class="opacity-50">#</span>appsec</span> <span class="mr-1"><span class="opacity-50">#</span>mobile</span> <span class="mr-1"><span class="opacity-50">#</span>cybersecurity</span> <span class="mr-1"><span class="opacity-50">#</span>security</span> </div> </a> <a class="crayons-link crayons-link--contentful" href="/owasp/how-to-do-threat-modeling-for-agile-mobile-app-development-28ki"> How to do threat modeling for agile mobile app development? <div class="crayons-link__secondary -ml-1"> <span class="mr-1"><span class="opacity-50">#</span>agile</span> <span class="mr-1"><span class="opacity-50">#</span>mobile</span> <span class="mr-1"><span class="opacity-50">#</span>appsec</span> <span class="mr-1"><span class="opacity-50">#</span>cybersecurity</span> </div> </a> <a class="crayons-link crayons-link--contentful" href="/owasp/secure-coding-principles-4dg8"> Secure Coding Principles <div class="crayons-link__secondary -ml-1"> <span class="mr-1"><span class="opacity-50">#</span>webdev</span> <span class="mr-1"><span class="opacity-50">#</span>cybersecurity</span> <span class="mr-1"><span class="opacity-50">#</span>programming</span> <span class="mr-1"><span class="opacity-50">#</span>java</span> </div> </a> </div> </div> </div> <div class="crayons-article-sticky grid gap-4 break-word js-billboard-container" data-async-url="/owasp/owaspr-cornucopia-20-3p46/bb-2/post_sidebar"></div> </aside> </div> <script> if (document.getElementsByClassName('fluidvids').length === 0) { window.Fluidvids=function(a,b){"use strict";var c,d,e=b.head||b.head,f=".fluidvids-elem{position:absolute;top:0px;left:0px;width:100%;height:100%;border:none;}.fluidvids{width:100%;position:relative;}",g=function(a){return c=new RegExp("^(https?:)?//(?:"+d.join("|")+").*$","i"),c.test(a)},h=function(a){var c=b.createElement("div"),d=a.parentNode,e=100*(parseInt(a.height?a.height:a.offsetHeight,10)/parseInt(a.width?a.width:a.offsetWidth,10));d.insertBefore(c,a),a.className+=" fluidvids-elem",c.className+=" fluidvids",c.style.paddingTop=e+"%",c.appendChild(a)},i=function(){var a=b.createElement("div");a.innerHTML="<p>x</p><style>"+f+"</style>",e.appendChild(a.childNodes[1])},j=function(a){var c=a||{},e=c.selector||"iframe";d=c.players||["www.youtube.com","player.vimeo.com","clips.twitch.tv"];for(var f=b.querySelectorAll(e),j=0;j<f.length;j++){var k=f[j];g(k.src)&&h(k)}i()};return{init:j}}(window,document); Fluidvids.init({ selector: ['iframe', 'object'], // runs querySelectorAll() players: ['www.youtube.com', 'player.vimeo.com', 'clips.twitch.tv'] // players to support }); } </script> <div class="mod-actions-menu print-hidden"></div> <div data-testid="unpublish-post-modal-container" class="unpublish-post-modal-container hidden"></div> <div class="fullscreen-code js-fullscreen-code"></div> <script src="https://assets.dev.to/assets/followButtons-f2455d1f50a862b83fa006b1953e3a1644598781243cae25d3e75b13c04184fd.js" defer="defer"></script> <script src="https://assets.dev.to/assets/billboard-f7c8c27ea139e85e7eb2a1adec43d4757a9edf002f434e8ba0eca486c39a6e60.js" defer="defer"></script> <script src="https://assets.dev.to/assets/localizeArticleDates-70147c5c6bfe350b42e020ebb2a3dd37419d83978982b5a67b6389119bf162ac.js" defer="defer"></script> <script src="https://assets.dev.to/assets/articleReactions-79a44d82fb34a91c3987c24cfd3bcf2b0d38a02730b69ae6da297387d185f015.js" defer="defer"></script> <script> function activateRunkitTags() { if (!areAnyRunkitTagsPresent()) return var checkRunkit = setInterval(function() { try { dynamicallyLoadRunkitLibrary() if (typeof(RunKit) === 'undefined') { return } replaceTagContentsWithRunkitWidget() clearInterval(checkRunkit); } catch(e) { console.error(e); clearInterval(checkRunkit); } }, 200); } function isRunkitTagAlreadyActive(runkitTag) { return runkitTag.querySelector("iframe") !== null; }; function areAnyRunkitTagsPresent() { var presentRunkitTags = document.getElementsByClassName("runkit-element"); return presentRunkitTags.length > 0 } function replaceTagContentsWithRunkitWidget() { var targets = document.getElementsByClassName("runkit-element"); for (var i = 0; i < targets.length; i++) { if (isRunkitTagAlreadyActive(targets[i])) { continue; } var wrapperContent = targets[i].textContent; if (/^(<iframe src)/.test(wrapperContent) === false) { if (targets[i].children.length > 0) { var preamble = targets[i].children[0].textContent; var content = targets[i].children[1].textContent; targets[i].innerHTML = ""; var notebook = RunKit.createNotebook({ element: targets[i], source: content, preamble: preamble }); } } } }; function dynamicallyLoadRunkitLibrary() { if (typeof(dynamicallyLoadScript) === "undefined") return dynamicallyLoadScript("//embed.runkit.com") } activateRunkitTags(); </script> <div class="js-billboard-container pb-4 crayons-layout__comments-billboard" data-async-url="/owasp/owaspr-cornucopia-20-3p46/bb-2/post_fixed_bottom"></div> <div id="runtime-banner-container"></div> </div> </div> <footer id="footer" class="crayons-footer print-hidden"> <div id="footer-container" class="crayons-footer__container"> <style> .long-bb-body { max-height: calc(100vh - 200px); overflow: hidden; } .long-bb-bottom { height: 180px; background: linear-gradient(to top, var(--card-bg), transparent); margin-top: -180px; position:relative; z-index: 5; } </style> <div style="" data-display-unit data-id="146443" data-category-click="click" data-category-impression="impression" data-context-type="home" data-special="nothing" data-article-id="2129424" data-type-of="in_house"> <p style="font-weight: bold;margin-bottom: 10px"> Thank you to our Diamond Sponsor <a href="https://neon.tech/">Neon</a> for supporting our community. </p> </div> <p class="fs-s crayons-footer__description"> <a class="c-link c-link--branded fw-medium" aria-label="DEV Community Home" href="/">DEV Community</a> — A constructive and inclusive social network for software developers. With you every step of your journey. </p> <ul class="footer__nav-links flex gap-2 justify-center flex-wrap fs-s p-0" style="" /> <li class="footer__nav-link flex items-center"> <a href="/"> Home </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/++"> DEV++ </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/pod"> Podcasts </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/videos"> Videos </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/tags"> Tags </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/help"> DEV Help </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="https://shop.forem.com/"> Forem Shop </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/advertise"> Advertise on DEV </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/challenges"> DEV Challenges </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/showcase"> DEV Showcase </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/about"> About </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/contact"> Contact </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/free-postgres-database-tier"> Free Postgres Database </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/software-comparisons"> Software comparisons </a> <span class="dot ml-2"></span> </li> </ul> <ul class="footer__nav-links flex gap-2 justify-center flex-wrap fs-s p-0" style="" /> <li class="footer__nav-link flex items-center"> <a href="/code-of-conduct"> Code of Conduct </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/privacy"> Privacy Policy </a> <span class="dot ml-2"></span> </li> <li class="footer__nav-link flex items-center"> <a href="/terms"> Terms of use </a> <span class="dot ml-2"></span> </li> </ul> <div class="fs-s"> <p>Built on <a class="c-link c-link--branded" target="_blank" rel="noopener" href="https://www.forem.com">Forem</a> — the <a target="_blank" rel="noopener" class="c-link c-link--branded" href="https://dev.to/t/opensource">open source</a> software that powers <a target="_blank" rel="noopener" class="c-link c-link--branded" href="https://dev.to">DEV</a> and other inclusive communities.</p> <p>Made with love and <a target="_blank" rel="noopener" class="c-link c-link--branded" href="https://dev.to/t/rails">Ruby on Rails</a>. DEV Community <span title="copyright">&copy;</span> 2016 - 2025.</p> </div> </div> </footer> <div id="snack-zone"></div> <div id="global-signup-modal" class="authentication-modal hidden"> <div class="authentication-modal__container"> <figure class="authentication-modal__image-container"> <img class="authentication-modal__image" src="https://media2.dev.to/dynamic/image/width=190,height=,fit=scale-down,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8j7kvp660rqzt99zui8e.png" alt="DEV Community" loading="lazy" /> </figure> <div class="authentication-modal__content"> <p class="authentication-modal__description"> We&#39;re a place where coders share, stay up-to-date and grow their careers. </p> </div> <div class="authentication-modal__actions"> <a href="/enter" class="crayons-btn" aria-label="Log in" data-no-instant> Log in </a> <a href="/enter?state=new-user" class="crayons-btn crayons-btn--ghost-brand js-global-signup-modal__create-account" aria-label="Create new account" data-no-instant> Create account </a> </div> </div> </div> <script src="https://assets.dev.to/assets/signupModalShortcuts-0b25469b985100a01e94cbd7fccaf7f0a4d776e129aac65c766aa32cb28ab29a.js" defer="defer"></script> <div id="cookie-consent"></div> <div id="i18n-translations" data-translations="{&quot;en&quot;:{&quot;core&quot;:{&quot;add_comment&quot;:&quot;Add comment&quot;,&quot;beta&quot;:&quot;beta&quot;,&quot;comment&quot;:&quot;Comment&quot;,&quot;copy_link&quot;:&quot;Copy link&quot;,&quot;edit_profile&quot;:&quot;Edit profile&quot;,&quot;follow&quot;:&quot;Follow&quot;,&quot;follow_back&quot;:&quot;Follow back&quot;,&quot;following&quot;:&quot;Following&quot;,&quot;like&quot;:&quot;Like&quot;,&quot;loading&quot;:&quot;loading...&quot;,&quot;reaction&quot;:&quot;Reaction&quot;,&quot;report_abuse&quot;:&quot;Report abuse&quot;,&quot;search&quot;:&quot;Search&quot;,&quot;success_settings&quot;:&quot;Successfully updated settings.&quot;,&quot;counted_organization&quot;:{&quot;one&quot;:&quot;%{count} organization&quot;,&quot;other&quot;:&quot;%{count} organizations&quot;},&quot;counted_user&quot;:{&quot;one&quot;:&quot;%{count} person&quot;,&quot;other&quot;:&quot;%{count} people&quot;},&quot;not_following&quot;:&quot;You&#39;re not following anyone&quot;,&quot;following_everyone&quot;:&quot;You&#39;re following %{details} (everyone)&quot;,&quot;you_are_following&quot;:&quot;You&#39;re following&quot;,&quot;and&quot;:&quot;and&quot;}}}"></div> <div id="reaction-category-resources" class="hidden" aria-hidden="true"> <img data-name="Like" data-slug="like" data-position="1" src="https://assets.dev.to/assets/sparkle-heart-5f9bee3767e18deb1bb725290cb151c25234768a0e9a2bd39370c382d02920cf.svg" width="18" height="18" /> <img data-name="Unicorn" data-slug="unicorn" data-position="2" src="https://assets.dev.to/assets/multi-unicorn-b44d6f8c23cdd00964192bedc38af3e82463978aa611b4365bd33a0f1f4f3e97.svg" width="18" height="18" /> <img data-name="Exploding Head" data-slug="exploding_head" data-position="3" src="https://assets.dev.to/assets/exploding-head-daceb38d627e6ae9b730f36a1e390fca556a4289d5a41abb2c35068ad3e2c4b5.svg" width="18" height="18" /> <img data-name="Raised Hands" data-slug="raised_hands" data-position="4" src="https://assets.dev.to/assets/raised-hands-74b2099fd66a39f2d7eed9305ee0f4553df0eb7b4f11b01b6b1b499973048fe5.svg" width="18" height="18" /> <img data-name="Fire" data-slug="fire" data-position="5" src="https://assets.dev.to/assets/fire-f60e7a582391810302117f987b22a8ef04a2fe0df7e3258a5f49332df1cec71e.svg" width="18" height="18" /> </div> <script> var userSignedIn = false; if (document.readyState === 'complete' || document.readyState === 'interactive') { initAuth(); } else { document.addEventListener('DOMContentLoaded', initAuth); } function initAuth() { var paramToken = new URLSearchParams(window.location.search).get('jwt'); if (paramToken && !userSignedIn) { authenticateUser(paramToken); } else { var iframe = document.createElement('iframe'); iframe.style.display = 'none'; iframe.src = 'https://forem.com/auth_pass/iframe'; document.body.appendChild(iframe); window.addEventListener('message', function(event) { if (event.origin !== 'https://forem.com' && event.origin !== window.location.origin) { return; } var data = event.data; if (data.authenticated && !userSignedIn) { authenticateUser(data.token); } else if(data.authenticated && window.ReactNativeWebView && window.ReactNativeWebView.postMessage) { window.ReactNativeWebView.postMessage(JSON.stringify({ action: 'login', token: data.token, })); } }); } function authenticateUser(token) { fetch('/auth_pass/token_login', { method: 'POST', credentials: 'include', headers: { 'Content-Type': 'application/json', 'X-CSRF-Token': getMetaContent('csrf-token'), }, body: JSON.stringify({ token: token }), }) .then(function(response) { return response.json(); }) .then(function(data) { if (data.success) { if (document.head.querySelector('meta[name="user-signed-in"][content="false"]')) { // Reload the page to update the user's state location.reload(); } } }) .catch(function(error) { console.error('Error during authentication:', error); }); } function getMetaContent(name) { var element = document.querySelector('meta[name="' + name + '"]'); return element ? element.getAttribute('content') : ''; } } </script> </body> </html>