rhetenor/awesome-awesomeness
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
master
awesome-awesomeness/html/securitycardgames.md2.html
rhetenor 652812eed0 update
2025-07-18 23:13:11 +02:00

99 lines
4.6 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<h1 id="awesome-security-card-games-awesome">Awesome Security Card Games
<a href="https://github.com/sindresorhus/awesome"><img
src="https://awesome.re/badge.svg" alt="Awesome" /></a></h1>
<blockquote>
<p>A curated list of security card games (which are sometimes known as
tabletop exercises).</p>
</blockquote>
<p>Security card games help train your skills and enable discussions for
various areas of security.</p>
<h2 id="contents">Contents</h2>
<ul>
<li><a href="#application-security">Application Security</a></li>
<li><a href="#cryptography">Cryptography</a></li>
<li><a href="#data-privacy">Data Privacy</a></li>
<li><a href="#incident-response">Incident Response</a></li>
<li><a href="#threat-modeling">Threat Modeling</a></li>
<li><a href="#various-resources">Various Resources</a></li>
</ul>
<h2 id="application-security">Application Security</h2>
<ul>
<li><a href="https://cornucopia.owasp.org">Cornucopia</a> - OWASP®
Cornucopia is a threat modeling tool in the form of a card game to
assist software development teams identify security requirements in
Agile, conventional and formal development processes. Its based on
OWASPs Top 10, ASVS/MASVS/MASTG, CAPEC and SAFECode. The <a
href="%5Bhttps://cornucopia.owasp.org/webshop">card decks</a>) are
available both as a Website version and a Mobile version as physical
decks that can be bought online or in a digital format at <a
href="https://copi.owasp.org">copi.owasp.org</a>.</li>
</ul>
<h2 id="cryptography">Cryptography</h2>
<ul>
<li><a href="https://www.cryptogogame.com/EN">Crypto Go</a> - An
educational card game designed to teach up to date symmetric
cryptography. Crypto Go deck consists of cards representing modern
cryptographic tools.</li>
</ul>
<h2 id="data-privacy">Data Privacy</h2>
<ul>
<li><a href="https://aca.edu.au/resources/cyber-sharing-cards/">Know
your risks</a> - Learn what information is safe to share online and
understand the risks. Learn about whether to share, not share or be
cautious with different pieces of information.</li>
</ul>
<h2 id="incident-response">Incident Response</h2>
<ul>
<li><a
href="https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/">Backdoors
&amp; Breaches</a> - An incident response card game. It helps you
conduct incident response tabletop exercises and learn attack tactics,
tools, and methods.</li>
<li><a href="https://github.com/Karneades/Defensomania">Defensomania</a>
- An incident response card game for security monitoring and incident
response teams to discuss priorities, possible response actions and
attack scenarios.</li>
</ul>
<h2 id="threat-modeling">Threat Modeling</h2>
<ul>
<li><a
href="https://web.archive.org/web/20150312215303/http://www.microsoft.com/security/sdl/adopt/eop.aspx">Elevation
of Privilege (EOP) by Microsoft</a> - A card game based on Microsofts
threat modeling framework “STRIDE” (Spoofing, Tampering etc.). The <a
href="https://www.microsoft.com/en-us/download/details.aspx?id=20303">card
deck</a> is available as PDF from Microsoft. Adam Shostack, the author
of EoP has also a <a href="https://github.com/adamshostack/eop/">git
repo</a> for EoP.</li>
<li><a href="http://securitycards.cs.washington.edu/index.html">Security
Cards</a> - A card game encouraging to think broadly and creatively
about computer security threats. Four dimensions are covered: Human
Impact, Adversarys Motivations, Adversarys Resources, Adversarys
Methods.</li>
<li><a href="https://github.com/TNG/cumulus">Cumulus</a> - A threat
modeling card game for the clouds which helps you find threats to your
DevOps or cloud project and teaches developers a security oriented
mindset.</li>
</ul>
<h2 id="various-resources">Various Resources</h2>
<ul>
<li><a href="https://adam.shostack.org/games.html">Tabletop Security
Games &amp; Cards</a> - List of security card games created and
maintained by Adam Shostack.</li>
<li><a
href="https://redcanary.com/blog/using-tabletop-simulations-to-improve-information-security/">Tabletop
Simulations to Improve Your Information Security Program</a> - Red
Canarys write-up about tabletop exercises for information security
programs.</li>
<li><a
href="https://www.linkedin.com/pulse/game-tabletop-games-teach-cyber-information-security-mike-mcgannon">Game
On: Tabletop Games to Teach Cyber and Information Security Concepts</a>
- List of tabletop games to teach cyber and information security
concepts.</li>
</ul>
<h2 id="contributing">Contributing</h2>
<p>Contributions welcome! Read the <a
href="CONTRIBUTING.md">contribution guidelines</a> first.</p>
<p><a
href="https://github.com/Karneades/awesome-security-card-games">securitycardgames.md
Github</a></p>
Reference in New Issue View Git Blame Copy Permalink