update
This commit is contained in:
98
html/securitycardgames.md2.html
Normal file
98
html/securitycardgames.md2.html
Normal file
@@ -0,0 +1,98 @@
|
||||
<h1 id="awesome-security-card-games-awesome">Awesome Security Card Games
|
||||
<a href="https://github.com/sindresorhus/awesome"><img
|
||||
src="https://awesome.re/badge.svg" alt="Awesome" /></a></h1>
|
||||
<blockquote>
|
||||
<p>A curated list of security card games (which are sometimes known as
|
||||
tabletop exercises).</p>
|
||||
</blockquote>
|
||||
<p>Security card games help train your skills and enable discussions for
|
||||
various areas of security.</p>
|
||||
<h2 id="contents">Contents</h2>
|
||||
<ul>
|
||||
<li><a href="#application-security">Application Security</a></li>
|
||||
<li><a href="#cryptography">Cryptography</a></li>
|
||||
<li><a href="#data-privacy">Data Privacy</a></li>
|
||||
<li><a href="#incident-response">Incident Response</a></li>
|
||||
<li><a href="#threat-modeling">Threat Modeling</a></li>
|
||||
<li><a href="#various-resources">Various Resources</a></li>
|
||||
</ul>
|
||||
<h2 id="application-security">Application Security</h2>
|
||||
<ul>
|
||||
<li><a href="https://cornucopia.owasp.org">Cornucopia</a> - OWASP®
|
||||
Cornucopia is a threat modeling tool in the form of a card game to
|
||||
assist software development teams identify security requirements in
|
||||
Agile, conventional and formal development processes. It’s based on
|
||||
OWASP’s Top 10, ASVS/MASVS/MASTG, CAPEC and SAFECode. The <a
|
||||
href="%5Bhttps://cornucopia.owasp.org/webshop">card decks</a>) are
|
||||
available both as a Website version and a Mobile version as physical
|
||||
decks that can be bought online or in a digital format at <a
|
||||
href="https://copi.owasp.org">copi.owasp.org</a>.</li>
|
||||
</ul>
|
||||
<h2 id="cryptography">Cryptography</h2>
|
||||
<ul>
|
||||
<li><a href="https://www.cryptogogame.com/EN">Crypto Go</a> - An
|
||||
educational card game designed to teach up to date symmetric
|
||||
cryptography. Crypto Go deck consists of cards representing modern
|
||||
cryptographic tools.</li>
|
||||
</ul>
|
||||
<h2 id="data-privacy">Data Privacy</h2>
|
||||
<ul>
|
||||
<li><a href="https://aca.edu.au/resources/cyber-sharing-cards/">Know
|
||||
your risks</a> - Learn what information is safe to share online and
|
||||
understand the risks. Learn about whether to share, not share or be
|
||||
cautious with different pieces of information.</li>
|
||||
</ul>
|
||||
<h2 id="incident-response">Incident Response</h2>
|
||||
<ul>
|
||||
<li><a
|
||||
href="https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/">Backdoors
|
||||
& Breaches</a> - An incident response card game. It helps you
|
||||
conduct incident response tabletop exercises and learn attack tactics,
|
||||
tools, and methods.</li>
|
||||
<li><a href="https://github.com/Karneades/Defensomania">Defensomania</a>
|
||||
- An incident response card game for security monitoring and incident
|
||||
response teams to discuss priorities, possible response actions and
|
||||
attack scenarios.</li>
|
||||
</ul>
|
||||
<h2 id="threat-modeling">Threat Modeling</h2>
|
||||
<ul>
|
||||
<li><a
|
||||
href="https://web.archive.org/web/20150312215303/http://www.microsoft.com/security/sdl/adopt/eop.aspx">Elevation
|
||||
of Privilege (EOP) by Microsoft</a> - A card game based on Microsoft’s
|
||||
threat modeling framework “STRIDE” (Spoofing, Tampering etc.). The <a
|
||||
href="https://www.microsoft.com/en-us/download/details.aspx?id=20303">card
|
||||
deck</a> is available as PDF from Microsoft. Adam Shostack, the author
|
||||
of EoP has also a <a href="https://github.com/adamshostack/eop/">git
|
||||
repo</a> for EoP.</li>
|
||||
<li><a href="http://securitycards.cs.washington.edu/index.html">Security
|
||||
Cards</a> - A card game encouraging to think broadly and creatively
|
||||
about computer security threats. Four dimensions are covered: Human
|
||||
Impact, Adversary’s Motivations, Adversary’s Resources, Adversary’s
|
||||
Methods.</li>
|
||||
<li><a href="https://github.com/TNG/cumulus">Cumulus</a> - A threat
|
||||
modeling card game for the clouds which helps you find threats to your
|
||||
DevOps or cloud project and teaches developers a security oriented
|
||||
mindset.</li>
|
||||
</ul>
|
||||
<h2 id="various-resources">Various Resources</h2>
|
||||
<ul>
|
||||
<li><a href="https://adam.shostack.org/games.html">Tabletop Security
|
||||
Games & Cards</a> - List of security card games created and
|
||||
maintained by Adam Shostack.</li>
|
||||
<li><a
|
||||
href="https://redcanary.com/blog/using-tabletop-simulations-to-improve-information-security/">Tabletop
|
||||
Simulations to Improve Your Information Security Program</a> - Red
|
||||
Canary’s write-up about tabletop exercises for information security
|
||||
programs.</li>
|
||||
<li><a
|
||||
href="https://www.linkedin.com/pulse/game-tabletop-games-teach-cyber-information-security-mike-mcgannon">Game
|
||||
On: Tabletop Games to Teach Cyber and Information Security Concepts</a>
|
||||
- List of tabletop games to teach cyber and information security
|
||||
concepts.</li>
|
||||
</ul>
|
||||
<h2 id="contributing">Contributing</h2>
|
||||
<p>Contributions welcome! Read the <a
|
||||
href="CONTRIBUTING.md">contribution guidelines</a> first.</p>
|
||||
<p><a
|
||||
href="https://github.com/Karneades/awesome-security-card-games">securitycardgames.md
|
||||
Github</a></p>
|
||||
Reference in New Issue
Block a user