rhetenor/awesome-awesomeness
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
2d63fe63cdc259a8b0049caa7dfa409165087fa3
awesome-awesomeness/readmes/securitycardgames.md2
Jonas Zeunert 2d63fe63cd Restructure with Makefile + add html output
2024-04-20 19:22:54 +02:00

49 lines
3.4 KiB
Plaintext
Raw Blame History

# Awesome Security Card Games [![Awesome](https://awesome.re/badge.svg)](https://github.com/sindresorhus/awesome)
> A curated list of security card games (which are sometimes known as tabletop exercises).
Security card games help train your skills and enable discussions for various areas of security.
## Contents
- [Application Security](#application-security)
- [Cryptography](#cryptography)
- [Data Privacy](#data-privacy)
- [Incident Response](#incident-response)
- [Threat Modeling](#threat-modeling)
- [Various Resources](#various-resources)
## Application Security
- [Cornucopia](https://www.owasp.org/index.php/OWASP_Cornucopia) - A card game based on OWASP's Top 10 (authentication, data Validation etc.). The [card deck](https://www.owasp.org/images/7/71/Owasp-cornucopia-ecommerce_website.pdf) is available as PDF from OWASP.
## Cryptography
- [Crypto Go](https://www.cryptogogame.com/EN) - An educational card game designed to teach up to date
symmetric cryptography. Crypto Go deck consists of cards representing modern cryptographic tools.
## Data Privacy
- [Know your risks](https://aca.edu.au/resources/cyber-sharing-cards/) - Learn what information is safe to share online and understand the risks. Learn about whether to share, not share or be cautious with different pieces of information.
## Incident Response
- [Backdoors & Breaches](https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/) - An incident response card game. It helps you conduct incident response tabletop exercises and learn attack tactics, tools, and methods.
- [Defensomania](https://github.com/Karneades/Defensomania) - An incident response card game for security monitoring and incident response teams to discuss priorities, possible response actions and attack scenarios.
## Threat Modeling
- [Elevation of Privilege (EOP) by Microsoft](https://web.archive.org/web/20150312215303/http://www.microsoft.com/security/sdl/adopt/eop.aspx) - A card game based on Microsoft's threat modeling framework "STRIDE" (Spoofing, Tampering etc.). The [card deck](https://www.microsoft.com/en-us/download/details.aspx?id=20303) is available as PDF from Microsoft. Adam Shostack, the author of EoP has also a [git repo](https://github.com/adamshostack/eop/) for EoP.
- [Security Cards](http://securitycards.cs.washington.edu/index.html) - A card game encouraging to think broadly and creatively about computer security threats. Four dimensions are covered: Human Impact, Adversary's Motivations, Adversary's Resources, Adversary's Methods.
- [Cumulus](https://github.com/TNG/cumulus) - A threat modeling card game for the clouds which helps you find threats to your DevOps or cloud project and teaches developers a security oriented mindset.
## Various Resources
- [Tabletop Security Games & Cards](https://adam.shostack.org/games.html) - List of security card games created and maintained by Adam Shostack.
- [Tabletop Simulations to Improve Your Information Security Program](https://redcanary.com/blog/using-tabletop-simulations-to-improve-information-security/) - Red Canary's write-up about tabletop exercises for information security programs.
- [Game On: Tabletop Games to Teach Cyber and Information Security Concepts](https://www.linkedin.com/pulse/game-tabletop-games-teach-cyber-information-security-mike-mcgannon) - List of tabletop games to teach cyber and information security concepts.
## Contributing
Contributions welcome! Read the [contribution guidelines](CONTRIBUTING.md) first.
Reference in New Issue View Git Blame Copy Permalink