OWASP Snakes and Ladders

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

OWASP Snakes and Ladders
Snakes and Ladders is an educational project. It promotes awareness of application security controls and risks, and in particular knowledge of other OWASP documents and tools, using gamification.

Editions
Web Applications



In the board game for web applications, the virtuous behaviours (ladders) are secure coding practices (from OWASP Proactive Controls project v1.0) and the vices (snakes) are application security risks (from OWASP Top Ten Project 2013).

Mobile Apps



The identical board game for mobile apps uses mobile controls (from the Mobile Security Project Top Ten Controls 2013) as the virtuous behaviours and mobile risks (from the Top Ten Mobile Risks 2014 from the same project) as the vices.

Application Intrusion Detection

Coming soon.

Licensing
OWASP Cornucopia is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work. If you alter, transform, or build upon this work, you may distribute the resulting work only under the same license or one similar to it.

© OWASP Foundation

Other Security Gamification
If you are interested in using gaming for security, also see OWASP Cornucopia, Elevation of Privilege: The Threat Modeling Game, Security Cards from the University of Washington, the commercial card game Control-Alt-Hack (presentation for the latter), and web application security training tools incorporating gamification such as OWASP Hackademic Challenges Project, OWASP Security Shepherd and ITSEC Games.


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

What is This?
Snakes and Ladders is a popular board game with ancient provenance, imported into Great Britain from Asia in the 19th century. The original game showed the effects of good and evil, or virtues and vices.

How to Play

 * The game is for 2-6 players.
 * Firstly print the sheet out.
 * Give each player a coloured counter (marker). To begin, each player should throw the die to determine who plays first; the highest can lead.
 * Put all the players' counters onto the first square labelled “Start 1”.
 * In turn, each player rolls the die and moves their counter by the number of squares indicated on the die. At the end of the move, if a player’s counter is at the bottom end of a ladder, the counter must be moved up the ladder to the square at its higher end. Conversely, if the player’s counter is located at the mouth of a snake, the counter must be moved down to the end of the snake’s tail.
 * The first player to reach “100” at the top left wins. Give a prize.

Project Leader
Colin Watson

Related Projects

 * OWASP Proactive Controls
 * OWASP Top Ten
 * OWASP Mobile Security


 * valign="top" style="padding-left:25px;width:200px;" |

Quick Download

 * Web Applications v1.0
 * DE, EN, ES


 * Mobile Apps v1.0
 * EN

News and Events

 * [06 Nov 2014] Version 1.0 for Web Applications released in DE, EN and ES
 * [06 Nov 2014] Version 1.0 for Mobile Apps released in EN
 * [06 Nov 2014] Project launch

Twitter
Follow two mock games running on Twitter:
 * @OWASPSnakesWeb
 * @OWASPSnakesMob

 * }

= Web Applications Edition =

OWASP Snakes and Ladders - Web Applications
This was the first edition created. The idea is to attempt to raise awareness of the security controls that every web application should have, but link that with the much more widely known Top Ten Risks.

Colour Scheme 'Classic'


This edition uses simple primary colours, like many versions that can be seen in pictures of Snakes and Ladders games. The colours used in 'Classic' are:


 * Green
 * Yellow
 * White
 * Red
 * Blue

The start square (1) is yellow and the final square (100) is red.

Vices and Virtues
= Mobile Apps Edition =

OWASP Snakes and Ladders - Mobile Apps
The Mobile Apps edition was created after working out the idea and design for the web applications. It seemed easy to replicate the idea since the Mobile Project lists both security controls and risks.

Colour Scheme 'Farringdon'


Other people's versions of Snakes and Ladders use a wide variety of designs and colour schemes. Thus to make a complete contrast to the web application edition, the colours used are the designatory colours of the underground and mainline train services that run through Colin Watson's local station at Farringdon in Clerkenwell, London EC1. The colours in 'Farringdon' are:


 * Purple (future Crossrail)
 * Yellow (Circle)
 * White (Thameslink)
 * Maroon (Metropolitan)
 * Pink (Hammersmith & City)

You can see these colours on tube maps and signage. The start square (1) is yellow and the final square (100) is maroon.

Vices and Virtues
=FAQs=

How was the game created?
TBC

How can I participate in your project?
All you have to do is make the Project Leader aware of your available time to contribute to the project. It is also important to let the Leader know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. Please see the

If I am not a programmer can I participate in your project?
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise at different times during its development. Currently, we are looking for users, translators and people to promote the project.

= Acknowledgements =

Volunteers
Snakes and Ladders is developed, maintained, updated and promoted by a worldwide team of volunteers. The contributors to date have been:


 * Fabio Cerullo
 * Tobias Gondrom
 * Martin Haslinger
 * Riotaro Okada
 * Ferdinand Vroom
 * Ivy Zhang
 * Colin Watson

Others

 * The project leaders and contributors to the referenced controls and risks:
 * OWASP Proactive Controls
 * OWASP Top Ten
 * OWASP Mobile Security
 * OWASP staff for helping to set up the project and support its ongoing activities.

= Road Map and Getting Involved =

Version history:
 * [06 Nov 2014] v1.0 released in DE, EN and ES
 * [06 Nov 2014] v1.0 released in EN

As of November 2014, the priorities are:
 * Promote use of Snakes and Ladders [In progress]
 * Create a project presentation
 * Translate into other languages
 * Develop other boards

Involvement in the development and promotion of Snakes and Ladders is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help are listed below.

Localization
Are you fluent in another language? Can you help translate Snakes and Ladders into that language?

Use and Promote the Board Game
Please help raise awareness of Snakes and Ladders:
 * Use the game with your colleagues, friends, families, students and children
 * Create a video about how to play the game
 * Develop a multi-user mobile app or web application to play the game

Feedback
Please use the project mailing list for feedback:
 * How did you use it?
 * What is people's reaction?
 * What do you like?
 * What don't you like?
 * What doesn't make sense?
 * How could the guidance be improved?
 * What other boards would you like to see?

Create a Board
Do you have an idea for your own application security Snakes and Ladders board? Please contribute your ideas via the mailing list.