Skip to content

feat: add Spanish (ES) translation for webapp cards v3.0#2312

Open
slegarraga wants to merge 1 commit intoOWASP:masterfrom
slegarraga:translate/webapp-cards-3.0-es
Open

feat: add Spanish (ES) translation for webapp cards v3.0#2312
slegarraga wants to merge 1 commit intoOWASP:masterfrom
slegarraga:translate/webapp-cards-3.0-es

Conversation

@slegarraga
Copy link

@slegarraga slegarraga commented Feb 19, 2026

Summary

Complete Spanish translation of webapp-cards-3.0-en.yamlwebapp-cards-3.0-es.yaml.

Closes #2238

Details

This PR adds the full Spanish translation for the OWASP Cornucopia Website App Edition v3.0, including:

  • All 78 card descriptions across all 6 suits (VE, AT, SM, AZ, CR, C) plus 2 Jokers
  • All paragraph text (instructions, FAQ, acknowledgements, changelog, etc.)

Translation approach

  • Based on the existing v2.2 Spanish translation patterns and terminology for consistency
  • Updated for v3.0 content changes: MFA/passkeys in authentication cards, modernized session management descriptions, ASVS v5.0 references
  • Neutral Spanish (no region-specific slang), suitable for all Spanish-speaking audiences
  • Native speaker quality — natural phrasing, not literal machine translation
  • Consistent terminology throughout (e.g. "eludir" for bypass, "cifrado" for encrypted, "sanitización" for sanitization)

Checklist

  • Only translates source/webapp-cards-3.0-en.yamlsource/webapp-cards-3.0-es.yaml
  • YAML structure matches the English source exactly
  • All card IDs, values, and URLs preserved unchanged
  • Version updated to 3.0 in meta and title fields

I'm a native Spanish speaker from Chile. Happy to address any feedback on terminology or phrasing.

@slegarraga
feat: add Spanish (ES) translation for webapp cards v3.0
ec60bcf 
Translates the complete webapp-cards-3.0-en.yaml file to Spanish,
including all card descriptions and paragraph text.

Based on the existing v2.2 Spanish translation patterns and terminology,
updated for v3.0 changes including:
- MFA and passkeys terminology in authentication cards
- Updated session management descriptions
- ASVS v5.0 references
- Modern session management practices

Translation uses neutral Spanish (avoiding region-specific slang),
maintaining consistent terminology with existing Spanish translations.

Closes OWASP#2238
@sydseter
Copy link
Collaborator

sydseter commented Feb 19, 2026

@slegarraga Thank you so much for your pull-request. I will have a look as soon as I am able.

GentMonkey
GentMonkey reviewed Feb 25, 2026
View reviewed changes
Copy link

@GentMonkey GentMonkey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the Spanish translation for v3.0.

I’ve reviewed and overall the translation is accurate, technically sound, and consistent. I’ve suggested a few minor improvements. Good work overall, thank you.

source/webapp-cards-3.0-es.yaml
value: "A"
url: "https://cornucopia.owasp.org/cards/VEA"
desc: "Has inventado un nuevo ataque contra la Validación de Datos y Codificación"
misc: "Lea más sobre este tema en las Cheat Sheets gratuitas de OWASP sobre Validación de Entrada, Prevención de XSS, Prevención de XSS basado en DOM, Prevención de Inyección SQL y Parametrización de Consultas"
Copy link

@GentMonkey GentMonkey Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

En el resto del documento está en segunda persona informal:

"Has inventado…"

Aquí cambia a tratamiento formal ("Lea").

Debería mantenerse consistente:

"Lee más sobre este tema..."

source/webapp-cards-3.0-es.yaml
id: "VEX"
value: "10"
url: "https://cornucopia.owasp.org/cards/VEX"
desc: "Darío puede explotar la confianza que la aplicación deposita en una fuente de datos (p. ej. datos definibles por el usuario, manipulación de datos almacenados localmente, alteración del estado de datos en un dispositivo cliente, falta y/o aplicación inadecuada de controles del lado del cliente, falta de verificación de identidad durante la validación de datos, como que Darío pueda hacerse pasar por Colin)"
Copy link

@GentMonkey GentMonkey Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"datos definibles por el usuario"

Eso no suena natural.
En inglés es user-supplied data.

Mejor:

"datos proporcionados por el usuario"

source/webapp-cards-3.0-es.yaml
id: "AZ2"
value: "2"
url: "https://cornucopia.owasp.org/cards/AZ2"
desc: "Tim puede influir en hacia dónde se envían o reenvían los datos"
Copy link

@GentMonkey GentMonkey Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error: "influir en hacia"

Propuesta:
“Tim puede influir en adónde se envían o reenvían los datos.”

source/webapp-cards-3.0-es.yaml
id: "VE5"
value: "5"
url: "https://cornucopia.owasp.org/cards/VE5"
desc: "Jee puede eludir las rutinas de codificación centralizadas ya que no se están utilizando en todos los activos, o se están utilizando codificaciones incorrectas"
Copy link

@GentMonkey GentMonkey Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

“activos” (assets) no aparece en el original; se entiende “en todas partes / en toda la app”.

Propuesta:

“...ya que no se están utilizando en todas partes…” o “...de forma integral en toda la aplicación…”

source/webapp-cards-3.0-es.yaml
text: "Imprimiendo las tarjetas"
-
id: "T00710"
text: "Consulte la página del proyecto Cornucopia para saber cómo obtener mazos preimpresos en cartulina brillante."
Copy link

@GentMonkey GentMonkey Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Se sugiere mantener el tuteo, coherente como fue usado previamente en “Has inventado”.

sydseter
sydseter requested changes Feb 26, 2026
View reviewed changes
source/webapp-cards-3.0-es.yaml
url: "https://cornucopia.owasp.org/cards/AZQ"
desc: "Christopher puede inyectar un comando que la aplicación ejecutará con un nivel de privilegios más alto"
-
id: "AZK"
Copy link
Collaborator

@sydseter sydseter Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please keep in mind that the name Ryan for AZK should be switched with Adrian as we are changing the name featured on that card.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sydseter sydseter sydseter requested changes

@cw-owasp cw-owasp Awaiting requested review from cw-owasp cw-owasp is a code owner

@rewtd rewtd Awaiting requested review from rewtd rewtd is a code owner

+1 more reviewer

@GentMonkey GentMonkey GentMonkey left review comments

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

translate website app v3.0 to Spanish

3 participants

@slegarraga @sydseter @GentMonkey