The XML data (for version 1.03) is an extract of all the information on the playing cards in the source word processor document. Going forward I intend to maintain both versions in parallel.
I am hoping the XML version will allow people to consume the data in other documents, applications and systems, or help them create their own printable versions more easily. Like everything else in the project, this is licensed under the Creative Commons Attribution-ShareAlike 3.0 license.
As a demonstration of using the XML file, the Cornucopia project now has a Twitter account (@OWASPCornucopia), which tweets the attack text from a pseudo-randomly selected card twice daily. For example, the sequence of three (this time) tweets from a couple of hours ago today:
- [2014-01-24] Standby, the croupier is dealing a Cornucopia Ecommerce Website Edition card http://bit.ly/1g7dEZE #owasp #pcidss #appsec ...
- The card for Friday morning (GMT+0) is the Nine of Cryptography, which reads "Andy can bypass random number generation, random GUID...
- ...generation, hashing and encryption functions because they have been self-built and/or are weak"
Currently the card is selected from the whole pack each time, but this could (should?) be changed to randomly select a card from the deck until all cards have been dealt. The account's profile photo is updated to match the card for an hour, before it reverts to a more generic image. The tweets might just about be helpful as an application security awareness resource — perhaps as "appsec requirement of the day".
A trivial use, but it was fun doing some coding. And working on this helped me come up with a solution for another problem I have been thinking about.
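The alternative mentioned above, dealing from the pack until every card has been used, sketched as an added example; it is not the code behind the Twitter account. The XML layout, the card ids and the `Dealer` and `split_tweets` names are assumptions made for illustration, and 140 is the tweet length limit of the time.

```python
import secrets
import textwrap
import xml.etree.ElementTree as ET

# Constructed sample: element and attribute names are assumptions, not the
# real Cornucopia XML schema. Only the CR9 text is taken from the post.
SAMPLE_XML = """<deck>
  <card id="CR9">Andy can bypass random number generation, random GUID generation, hashing and encryption functions because they have been self-built and/or are weak</card>
  <card id="CR2">Constructed placeholder text for a second card</card>
  <card id="CR3">Constructed placeholder text for a third card</card>
</deck>"""

def load_cards(xml_text):
    """Return {card id: attack text} from the assumed layout above."""
    root = ET.fromstring(xml_text)
    return {c.get("id"): " ".join((c.text or "").split())
            for c in root.iter("card")}

class Dealer:
    """Deals every card once, in random order, before starting a new pack."""

    def __init__(self, card_ids, remaining=None):
        self.card_ids = list(card_ids)
        # 'remaining' is the state to save between the twice-daily runs.
        self.remaining = list(remaining or [])

    def deal(self):
        if not self.remaining:  # pack exhausted: start again with all cards
            self.remaining = list(self.card_ids)
        # randbelow gives an unbiased index; pop removes the card from play.
        return self.remaining.pop(secrets.randbelow(len(self.remaining)))

def split_tweets(text, limit=140):
    """Split on word boundaries, marking each continuation with '...'."""
    if len(text) <= limit:
        return [text]
    # Reserve six characters for a leading and a trailing "...".
    parts = textwrap.wrap(text, width=limit - 6, break_on_hyphens=False)
    last = len(parts) - 1
    return [("..." if i else "") + part + ("..." if i < last else "")
            for i, part in enumerate(parts)]

if __name__ == "__main__":
    cards = load_cards(SAMPLE_XML)
    dealer = Dealer(cards)
    for _ in range(len(cards)):
        card_id = dealer.deal()
        for tweet in split_tweets(cards[card_id]):
            print(card_id, tweet)
```

Saving `dealer.remaining` after each run and passing it back as `remaining` on the next keeps the deal going across separate scheduled runs.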
Posted on: 24 January 2014 at 10:56 hrs