Both current decks have six suits and there are also two Joker cards. Each suit contains 13 cards (Ace, 2-10, Jack, Queen and King). This page contains the card browser where you can browse through each of the cards in the OWASP Cornucopia decks.
For the previously called Ecommerce Website Edition. Instead of EoP’s STRIDE suits, the suits were selected based on the structure of the OWASP Secure Coding Practices - Quick Reference Guide (SCP) which have been migrated to the OWASP Developer Guide Web Application Checklist. The content was mainly drawn from the SCP but with additional consideration of sections in the OWASP Application Security Verification Standard, the OWASP Web Security Testing Guide and David Rook's Principles of Secure Development. These provided five suits, and a sixth called “Cornucopia” was created for everything else:
Brian can gather information about the underlying configurations, schemas, logic, code, software, services and infrastructure due to the content of error messages, or poor configuration, or the presence of default installation files or old, test, backup or copies of resources, or exposure of source code
STRIDE
I
OWASP DevGuide
SC1,SC2,SC3,SC4,SC8,SC9,SC10,SC11,SC12,SC13,FM1,FM2,FM5,EE6,EE7,EE8
OWASP ASVS
1.6.4,2.10.4,4.3.2,7.1.1,10.2.3,14.1.1,14.2.2,14.3.3
CAPEC™
54,113,116,143,144,149,150,155,169,215,224,497,541
SAFECODE
4,23