[Owasp_cornucopia] Fwd: Corncupia vs EOP

Amit Agarwal amitmnagarwal at gmail.com
Sat Jul 14 19:31:35 UTC 2018


Thanks for the reply.

Playing both would be a big ask from the projects who are always shying
away from security

Also how does it compare against OWASP ASVS.

I guess both serve the same purpose.

On Mon, 9 Jul 2018, 5:39 pm Colin Watson, <colin.watson at owasp.org> wrote:

> Hello Amit
>
> Thanks for your interest in OWASP Cornucopia.
>
> As you noted it is based on Microsoft's Elevation of Privilege (EoP) card
> game, but while that was developed for threat modelling of Microsoft's
> products like SQL Server, Cornucopia is solely focused on web application
> threat modelling. So if you are working with web applications, try
> Cornucopia first. But you may gain some alternative insights into your
> projects following the STRIDE approach of EoP too. Play both!
>
> Regarding the project, the content has gone through a number of
> iterations, so the focus more recently has been on promoting it and getting
> it translated into other languages. Those are not small tasks in themselves
> and we look forward to further updates in due course. The recent work to
> complete a French translation has been marvellous, and there is work in
> progress for Portuguese and Spanish.
>
> Regards
>
> Colin
>
>
>
>
> On 9 July 2018 at 16:30, Amit Agarwal <amitmnagarwal at gmail.com> wrote:
>
>>
>>
>>
>> Hi Dario/Colin,
>>
>> Thanks for the wonderful project.
>>
>> I am a bit confused between the two.
>>
>> Which one should be preferred?
>>
>> Also I observed, the project has not gone any updates since a year.
>>
>> It active or gone dormant ?
>>
>> Thanks
>> Amit
>>
>> _______________________________________________
>> Owasp_cornucopia mailing list
>> Owasp_cornucopia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp_cornucopia
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_cornucopia/attachments/20180714/a006602d/attachment.html>


More information about the Owasp_cornucopia mailing list