Category:OWASP Security Ninjas AppSec Training Program

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

OWASP Security Ninjas
Security Ninjas is an open-source Application Security Training Program.

Description
The training program slide deck covers the OWASP Top10 vulnerabilities and some general security best practices. The hands-on training lab consists of 10 fun real world like hacking exercises corresponding to each of the OWASP Top10 vulnerabilities.

Licensing
This program is free software: you can redistribute it and/or modify it under the terms of the MIT License..


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

Project Resources
Slide Deck

Source Code

Docker repo and instructions

Project Leader

 * Shruti Gupta

Project Sponsor
{| width="10%" cellpadding="2" | align="center" valign="top" width="10px" rowspan="2"| |}


 * valign="top" style="padding-left:25px;width:50px;" |

News and Events
[May 1 2015] Security Ninjas released


 * }

=FAQs=

1. What is special about this project? - This is one of the very few projects which offers systematic, guided hands-on AppSec training to folks with very minimal AppSec or Penetration Testing knowledge. This would not only teach you how to find and exploit vulnerabilities but also hot to fix them and not have them in the first place! In today's world of advancing web attacks and seeing how complicated web applications are becoming, this training is something that every software engineer should take.

2. How much time does it take to set up the hands on lab? - If you use the docker build, it takes only a few seconds to setup the lab!

3. Is it hard to setup and destroy the hands-on lab container? - It is super simple to set up and destroy the container. If use docker, there are no dependency issues as well, no matter what platform you are using!

4. Why did I chose Docker? - Setting up and destroying the environment would be super easy and quick. - The docker container would be sandboxed which means that the vulnerable application wouldn’t be able to harm the host OS.

= Acknowledgements =

Volunteers

 * [mailto:shruti.gupta@owasp.org Shruti Gupta] Shruti Gupta

The first contributors to the project were:


 * [mailto:shruti.gupta@owasp.org Shruti Gupta] Shruti Gupta created the OWASP Security Ninjas project

= Road Map and Getting Involved =

Roadmap
The project is 100% complete.
 * 1) https://s3.amazonaws.com/uploads.hipchat.com/56752/780760/3x4fL62dXpumdQd/upload.png.


 * 1) You can read the full blog.

Getting Involved
If you have suggestions/ comments about how this project could be made better, please email [mailto:shruti.gupta@owasp.org Shruti Gupta] Shruti Gupta.

=Minimum Viable Product= I already have the deliverables 100% ready:

The Application Security Training Program consists of a slide deck which is here

and the Source Code can be found here

It is fastest (takes less than 10 seconds to deploy and run) to setup and run the hands on lab in a Docker container. The docker repo and instructions are here