[Owasp_cornucopia] Fwd: Corncupia vs EOP

Colin Watson colin.watson at owasp.org
Sun Jul 15 08:19:15 UTC 2018


Amit

Cornucopia is mapped to ASVS. Not every item in Cornucopia exists in ASVS.

Colin




On 14 July 2018 at 20:31, Amit Agarwal <amitmnagarwal at gmail.com> wrote:

> Thanks for the reply.
>
> Playing both would be a big ask from the projects who are always shying
> away from security
>
> Also how does it compare against OWASP ASVS.
>
> I guess both serve the same purpose.
>
> On Mon, 9 Jul 2018, 5:39 pm Colin Watson, <colin.watson at owasp.org> wrote:
>
>> Hello Amit
>>
>> Thanks for your interest in OWASP Cornucopia.
>>
>> As you noted it is based on Microsoft's Elevation of Privilege (EoP) card
>> game, but while that was developed for threat modelling of Microsoft's
>> products like SQL Server, Cornucopia is solely focused on web application
>> threat modelling. So if you are working with web applications, try
>> Cornucopia first. But you may gain some alternative insights into your
>> projects following the STRIDE approach of EoP too. Play both!
>>
>> Regarding the project, the content has gone through a number of
>> iterations, so the focus more recently has been on promoting it and getting
>> it translated into other languages. Those are not small tasks in themselves
>> and we look forward to further updates in due course. The recent work to
>> complete a French translation has been marvellous, and there is work in
>> progress for Portuguese and Spanish.
>>
>> Regards
>>
>> Colin
>>
>>
>>
>>
>> On 9 July 2018 at 16:30, Amit Agarwal <amitmnagarwal at gmail.com> wrote:
>>
>>>
>>>
>>>
>>> Hi Dario/Colin,
>>>
>>> Thanks for the wonderful project.
>>>
>>> I am a bit confused between the two.
>>>
>>> Which one should be preferred?
>>>
>>> Also I observed, the project has not gone any updates since a year.
>>>
>>> It active or gone dormant ?
>>>
>>> Thanks
>>> Amit
>>>
>>> _______________________________________________
>>> Owasp_cornucopia mailing list
>>> Owasp_cornucopia at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_cornucopia
>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_cornucopia/attachments/20180715/e764e83f/attachment.html>


More information about the Owasp_cornucopia mailing list