<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Cornucopia is a threat modeling card
      game. <br>
      The project page is on our wiki. <br>
      You can also get the card deck as merchandise from our global
      team. <br>
      We played a round of Cornucopia last year in London and I find it
      interesting and a potentially good way to improve threat modelling
      sessions that otherwise can be quite an uphill battle against
      disinterested developers... ;-) <br>
      <br>
      For further questions, maybe check with Colin. (I cc'ed him on the
      email). <br>
      <br>
      Best, Tobias<br>
      <br>
      <br>
      On 12/12/14 13:20, Akash Mahajan wrote:<br>
    </div>
    <blockquote
cite="mid:CA+QUGmPFeMn9H2mDbgQS1XM9LAE=v3pf1TokPVF+bmWvh9dDsw@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>Hi Tobias,<br>
          <br>
          Thank you for the extensive list of things we can take up. <br>
          <br>
        </div>
        Out of these, I wasn't aware of Cornucopia before. Could you
        please tell me more how we can use it in a meet? (I was reading
        about it and it seems like a card game) <br>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On 10 December 2014 at 20:52, Tobias <span
            dir="ltr"><<a moz-do-not-send="true"
              href="mailto:tobias.gondrom@owasp.org" target="_blank">tobias.gondrom@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF">
              <div>Hello Akash, <br>
                <br>
                interesting theme idea Break it & Fix it. <br>
                The following is just some of my personal favourites at
                the moment within your theme context: <br>
                - Top-10 & Top-10 proactive controls<br>
                - Mobile Top-10 & Mobile proactive controls <br>
                - Personally, I also find worthwhile for "fix it" to
                look at Secure Coding best Practices Quick Reference
                Guide (Oh boy, we really need to come up with a shorter
                name for this...) <br>
                - And potentially openSAMM as a measure to ramp up your
                SDLC - again "fix it". <br>
                - and Cornucopia to spice up the threat assessment /
                requirements process part...<br>
                <br>
                Just my 2cents. <br>
                <br>
                Best, Tobias
                <div>
                  <div class="h5"><br>
                    <br>
                    <br>
                    <br>
                    On 09/12/14 13:35, Akash Mahajan wrote:<br>
                  </div>
                </div>
              </div>
              <blockquote type="cite">
                <div>
                  <div class="h5">
                    <div dir="ltr">
                      <div>
                        <div>
                          <div>
                            <div>
                              <div>
                                <div>
                                  <div>
                                    <div>
                                      <div>Hello Folks, <br>
                                        <br>
                                        We at OWASP Bangalore are
                                        planning on starting new series
                                        of sessions called Break It and
                                        Fix It. <br>
                                        <br>
                                        The idea for now is to take up
                                        Top 10, cover the a vulnerable
                                        sample application show the
                                        attack and then talk about ways
                                        to fix the code. If everything
                                        goes well we shall start on the
                                        20th of this month. <br>
                                        <br>
                                        As part of the recommendations
                                        and references at this point
                                        what resources should we be
                                        highlighting? <br>
                                        <br>
                                        The reason to ask the question
                                        is that some of the guides are
                                        in the process of being
                                        re-written and there was a
                                        discussion about flagship
                                        proects etc. <br>
                                        <br>
                                      </div>
                                      We have already done extensive
                                      coverage of<br>
                                      <br>
                                    </div>
                                    1. OWASP ZAP<br>
                                  </div>
                                  2. OWASP Top 10 2010 and 2013<br>
                                </div>
                                <div>3. OWASP BWA <br>
                                </div>
                                4. OWASP OWTF - Being covered in our
                                meet on the 13th Dec<br>
                                <br>
                              </div>
                              We would like to do more with<br>
                            </div>
                            - The new Dev guide<br>
                          </div>
                          - ASVS Document<br>
                          <br>
                          <br>
                        </div>
                        Also, this sort of email is better for the
                        chapters list or the leaders list? I always get
                        confused about that. <br>
                        <br>
                      </div>
                      Thank you. <br clear="all">
                      <div>
                        <div>
                          <div>
                            <div>
                              <div>
                                <div>
                                  <div>
                                    <div>
                                      <div>
                                        <div>
                                          <div><br>
                                            -- <br>
                                            <div>Warm regards,<br>
                                              Akash Mahajan<br>
                                              <br>
                                              <i>That Web Application
                                                Security Guy</i> | +91
                                              99 805 271 82<br>
                                              <a moz-do-not-send="true"
                                                href="http://akashm.com"
                                                target="_blank">akashm.com</a>
                                              | <i>@makash</i> on
                                              twitter | <a
                                                moz-do-not-send="true"
                                                href="http://linkd.in/webappsecguy"
                                                target="_blank">linkd.in/webappsecguy</a><br>
                                              <i>OWASP Bangalore Chapter
                                                Lead | null Community
                                                Manager</i><br>
                                            </div>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                    <br>
                    <fieldset></fieldset>
                    <br>
                  </div>
                </div>
                <span class="">
                  <pre>_______________________________________________
OWASP-Leaders mailing list
<a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a>
<a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
                </span></blockquote>
              <br>
            </div>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <br>
        -- <br>
        <div class="gmail_signature">Warm regards,<br>
          Akash Mahajan<br>
          <br>
          <i>That Web Application Security Guy</i> | +91 99 805 271 82<br>
          <a moz-do-not-send="true" href="http://akashm.com"
            target="_blank">akashm.com</a> | <i>@makash</i> on twitter
          | <a moz-do-not-send="true"
            href="http://linkd.in/webappsecguy" target="_blank">linkd.in/webappsecguy</a><br>
          <i>OWASP Bangalore Chapter Lead | null Community Manager</i><br>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>