[Owasp_snakes_and_ladders] OWASP Snakes and Ladders - Project launch and document releases

Colin Watson colin.watson at owasp.org
Thu Nov 6 09:11:04 UTC 2014

List members and visitors

I am pleased to welcome you to the OWASP Snakes and Ladders Project,
and at the same time announce two document releases.


Snakes and Ladders is an educational board game from OWASP which
promotes awareness of web application security controls and risks.
There are two version 1.0 releases:

- Web Applications
- Mobile Apps

The first of these is available in German and Spanish, as well as in
(British) English. Translations to Chinese, Dutch and Japanese are
also in progress. The volunteers who are generously translating the
text and performing proofreading are:

- Manuel Lopez Arredondo
- Tobias Gondrom
- Martin Haslinger
- Riotaro Okada
- Ferdinand Vroom
- Ivy Zhang

Snakes and Ladders is a popular board game, with ancient provenance
imported into Great Britain from Asia by the 19th century. The
original game showed the effects of good and evil, or virtues and
vices. The game is known as Chutes and Ladders in some parts of the
Americas. In this OWASP version, the virtuous behaviours are secure
coding practices and the vices are application security risks.

The game was created by myself to use as an ice-breaker in application
security training, but it potentially has wider appeal simply as a
promotional hand-out, and maybe also more usefully as learning
materials for younger coders. To cover all of that, we use the phrase
"OWASP Snakes and Ladders is meant to be used by software programmers,
big and small" – size does not matter.

The game is quite lightweight, and does not have the same rigour or
depth as my card game Cornucopia, but it's meant to be just some fun
with some learning attached.

Print-ready PDFs have been published - these are poster sized A2
(international world-wide paper sizes). But the original files are
Adobe Illustrator, so these are also available for anyone to use and
improve upon. OWASP Snakes and Ladders is free to use. It is licensed
under the Creative Commons Attribution-ShareAlike 3.0 license, so you
can copy, distribute and transmit the work, and you can adapt it, and
use it commercially, but all provided that you attribute the work and
if you alter, transform, or build upon this work, you may distribute
the resulting work only under the same or similar licence.

It’s better to play using a real die and counters (markers), but you
can cut out and make these from the paper sheet itself if you have
scissor and glue skills.

And if you like my pythonidae skills, I have also been practising my
python Twitter bot skills. There are now two accounts that play mock
games - these are still somewhat in beta:



I will be handing printed copies of the sheets out whenever I can, and
hope it will be used for office parties, celebrations, festivals,
seasonal events or even training exercises. For a small number of
copies, digital printing is cheapest, but for longer print runs
consider lithographic printing – I had 500 A2 full-colour copies
printed for just under £250 including VAT.

We would like to thank the over-stretched OWASP staff for helping get
this project set up and announced, and Fabio Cerullo for setting the
project up on Crowdin.

We hope you enjoy playing, and that playing improves application security.

Colin Watson

OWASP Snakes and Ladders project leader
