Difference between revisions of "Category:OWASP Education Project"

(Spoc007 Progress)
 
(24 intermediate revisions by 8 users not shown)
Line 1: Line 1:
== Welcome to the OWASP Education Project==
+
=Main=
  
Web Application Security Education and Awareness is needed throughout the entire organization, each area and level of organizations have specific needs and requirements regarding education. A manager needs other information than a security professional or developer. Novices to the profession require other training than people with several years of experience. <br>
+
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.<br><br>
+
The first list of modules can be found [[OWASP Education Project Modules|here]].
+
  
== Goals & Roadmap ==
+
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
Currently the project goals are to create Educational Tracks:
+
==OWASP Education Project==
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)
+
* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)
+
* Create a [[OWASP Education Presentation|consolidation page of OWASP presentations]] performed in the past with the possibility to add comments
+
* ...
+
Further breakdown of tasks and future developments are listed in the [[OWASP Education Project Roadmap|road map]].<br>
+
  
== Spoc007 Progress ==
+
OWASP Education Project aims to provide in building blocks of web application security knowledge that can easily be integrated in awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled together in education tracks.
The Education project was selected for [http://www.owasp.org/index.php/SpoC_007_-_OWASP_Education_Project Spoc007 participation] (see page for progress).
+
An important guideline is therefore that the material produced is modular.
  
The SpoC007 goal is to finish Sub Goals 1, 2, 3 and perform Sub Goal 4 during the coming months ([[OWASP Education Project Roadmap|road map]]).
+
==Introduction==
  
== Project Guiding Principles ==
+
Web Application Security Education and Awareness is needed throughout the entire organization, each area and level of organizations have specific needs and requirements regarding education. A manager needs other information than a security professional or developer. Novices to the profession require other training than people with several years of experience.
 +
This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.
  
This project aims to provide in building blocks of web application security knowledge that can easily be integrated in awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled together in eduction tracks.<br>
 
An important guideline is therefore that the material produced is modular.<br>
 
  
== Resources and links ==
+
==Description==
 +
 
 +
The project will continuously deliver education material about OWASP tooling and documentation. This aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously. With the setup of a OWASP Boot camp, the OWASP word can be spread in a controlled manner and deliver high quality training., both inside and outside of the OWASP community. The OWASP Education Project will setup and standardize OWASP trainings manuals and materials to ensure a certain level of quality of the trainings. Trainings about the OWASP tooling and projects will have to be reviewed by the Projects.
 +
 
 +
 
 +
==Licensing==
 +
OWASP Education Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
== What is OWASP Education Project? ==
 +
 
 +
OWASP Education Project  provides:
 +
 
 +
* [[OWASP Education Material Categorized]]
 +
 
 +
 
 +
 
 +
== Presentation ==
 +
 
 +
Link to presentation
 +
 
 +
 
 +
 
 +
 
 +
== Project Leader ==
 +
 
 +
[mailto:martin.knobloch@owasp.org Martin Knobloch]
 +
 
 +
 
 +
== Related Projects ==
 +
 
 +
* [[OWASP Live CD Project]]
 +
* [[OWASP Testing Guide]]
 +
* [[OWASP Development Guide Project]]
 +
* [[OWASP Code Review Project]]
 +
* [[OWASP ASDR Project]]
 +
 
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;" |
 +
 
 +
== Quick Download ==
 +
 
 +
* Link to page/download
 +
 
 +
 
 +
 
 +
== News and Events ==
 +
 
 +
 
 +
== In Print ==
 +
This project can be purchased as a print on demand book from Lulu.com
 +
 
 +
 
 +
==Classifications==
 +
 
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 +
  |}
 +
 
 +
|}
 +
 
 +
= Resources and Links =
  
 
This project is not standalone. There is an awfull lot of information that can be found throughout this site and from other resources on the Internet. <br>
 
This project is not standalone. There is an awfull lot of information that can be found throughout this site and from other resources on the Internet. <br>
 
This project will draw pieces of information from:
 
This project will draw pieces of information from:
 
* The [http://www.owasp.org/index.php/Category:OWASP_Video Video's]
 
* The [http://www.owasp.org/index.php/Category:OWASP_Video Video's]
* The presentations, currently being inventorized in the [[OWASP Education Presentation Rating|consolidation page of OWASP presentations]]¨
+
* The presentations, currently being inventorized in the [[OWASP Education Presentation|consolidation page of OWASP presentations]]¨
 
* [http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat]
 
* [http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat]
 
* ...
 
* ...
 
One of the modules to create will be a Resources module, not limited to OWASP.
 
One of the modules to create will be a Resources module, not limited to OWASP.
  
== Feedback and Participation: ==
+
== Educations ==
 +
* [http://www.owasp.org/index.php/Education_Track:_What_Developers_Should_Know_on_Web_Application_Security What Developers Should Know]
 +
* [https://www.owasp.org/images/8/8f/Setting_up_a_Secure_Development_Life_Cycle_with_OWASP_-_Seba_Deleersnyder.pptx Setting up a Secure Development Life Cycle with OWASP]
  
 +
= Donated Material =
 +
The following training material and presentations were donated to the education project and will be integrated in future Education Tracks.
 +
* [[Education Donated: OWASP Safe Browsing]]
 +
* [[Education Donated: OWASP ASVS 1.0 ~2 day training deck]]
 +
* [https://www.owasp.org/images/2/22/Tracks.pdf  JAVA/J2EE Secure Development Curriculum]
 +
 +
= Acknowledgements =
 +
 +
{| style="width:70%" border="0" align="center"
 +
| colspan="7" align="center" style="background:#4058A0; color:white" | '''OWASP Education Project'''
 +
|-
 +
| style="width:25%; background:#cccccc" align="center" | '''CONTRIBUTORS'''
 +
| style="width:25%; background:#cccccc" align="center" |
 +
* [[User:Sdeleersnyder|Sebastien Deleersnyder]]
 +
* [[User:knoblochmartin| Martin Knobloch]]
 +
* [[User:Brennan|Tom Brennan]]
 +
| style="width:25%; background:#cccccc" align="center" |
 +
* [[User:xxradar|Philippe Bogaerts]]
 +
* [[User:Mccorga|Grady McCorkle]]
 +
* [[User:AhmedNeil|Ahmed Neil]]
 +
| style="width:25%; background:#cccccc" align="center" |
 +
* [[User:medelibero|Mike de Libero]]
 +
* [[User:Bunyamin|Bunyamin Demir]]
 +
* [[User:Tony_Gottlieb|Tony Gottlieb]]
 +
|-
 +
| style="width:25%; background:#cccccc" align="center" | '''REVIEWERS'''
 +
| style="width:25%; background:#cccccc" align="center" |
 +
* Sebastien Gioria
 +
| style="width:25%; background:#cccccc" align="center" |
 +
* [[User:Namn|'''Nam Nguyen''']]
 +
| style="width:25%; background:#cccccc" align="center" |
 +
* [[User:Sdeleersnyder|'''Sebastien Deleersnyder''']]
 +
|}
 +
 +
= Road Map and Getting Involved =
 +
This page is split in 2 parts. <br>
 +
The first part is the split-up of the current goals in tasks. Here you can add who is working on what module together with the status on progress.<br>
 +
The second part lists longer term goals of the Eduction project. Do not hesitate to add goals and discuss them in the mailing list.
 +
 +
== Current Goal Tasks ==
 +
 +
=== Sub Goal 1: Create overview of OWASP presentations (100%) ===
 +
The following is a list of tasks that have to be performed for the project:
 +
* Add the majority of presentation material on [[OWASP Education Presentation|the presentation overview page]] (100% - all)
 +
* Provide [[:Category:OWASP_Presentations#OWASP_Education_Presentation_Guidelines| Guidance page]] on OWASP presentations and re-usability and link in other related presentation pages (100% Seba)
 +
 +
=== Sub Goal 2: Design agenda 2 Tracks (100%) ===
 +
For the two 4 hour tracks:
 +
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)
 +
Perform the following:
 +
:* Describe track overview (100% - Seba)
 +
:* Describe track target audience (100% - Seba)
 +
:* Design a TOC with titles, one paragraph per title and timing (100% - Seba)
 +
:* Perform a review cycle on the TOC and get external feedback (100% - Seba)
 +
:* Finish TOC for approval by the project team (100% - Seba)
 +
 +
* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)
 +
Perform the following:
 +
:* Describe track overview (100% - seba)
 +
:* Describe track target audience (100% - volunteers needed)
 +
:* Design a TOC with titles, one paragraph per title and timing (100% - seba)
 +
:* Perform a review cycle on the TOC and get external feedback (100% - Seba)
 +
:* Finish TOC for approval by the project team (100% - Seba)
 +
 +
=== Sub Goal 3: Create Modules (100 %)===
 +
To support the 2 target tracks and eventually other tracks, modules will have to be created. This means:
 +
* Work out some basic rules on module slides (100% - Seba)
 +
For the two 4 hour tracks:
 +
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)
 +
Perform the following:
 +
:* From the TOC identify the necessary modules. There will  probably be overlap with TOC entries (100% - Seba)
 +
:* Module - Why WebAppSec matters (100% - Seba)
 +
:* Module - OWASP Top 10 Introduction & Remedies  (100% - Seba)
 +
:* Module - Embed within SDLC (100% - Seba)
 +
:* Module - Good WebAppSec Resources (100% - Seba)
 +
:* Perform a review cycle by project members that did not create the module (100% - Seba)
 +
* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)
 +
Perform the following:
 +
:* From the TOC identify the necessary modules. There will  probably be overlap with TOC entries (100% - Seba)
 +
:* Module - Why WebAppSec matters (100% - Seba)
 +
:* Module - OWASP Top 10 Introduction & Remedies  (100% - Seba)
 +
:* Module - Embed within SDLC (100% - Seba)
 +
:* Module - Good Secure Development Practices (100% - Seba)
 +
:* Module - Testing for Vulnerabilities (100% - Seba)
 +
:* Module - Good WebAppSec Resources (100% - Seba)
 +
:* Perform a review cycle by project members that did not create the module (100% - Seba)
 +
 +
=== Sub Goal 4: Track try-outs (20%) ===
 +
In further stages the tracks can be piloted on 'victim' audiences.
 +
* Feedback forms will be necessary to capture structured feedback (100% - Seba: template created)
 +
* (parts) of modules will need corrections (0% - volunteers needed)
 +
 +
=== Sub Goal 5: Track Distribution ===
 +
To support further evolution of the existing tracks:
 +
* Teach the teacher sessions can be set up
 +
* Webinars can be created
 +
* Figure out a way to accompany module with audio/video support (0% - tbd)
 +
 +
== Future Goals ==
 +
 +
When we get here, we can say that the project reached Beta Status and we should define goals to get it to Release Quality.
 +
* Define other tracks
 +
:* 2 h awareness track
 +
:* 4h What testers should know on Web Application Security track
 +
:* ...
 +
* Set up and maintain improvement cycles for existing tracks
 +
* Further support OWASP and other organisations to (re)use the OWASP Education Modules and Tracks
 +
* Set up certification mechanisms for trainers and attendees
 +
* Define a broader curriculum ...
 +
 +
 +
Involvement in the development and promotion of the OWASP Education Project is actively encouraged!
 
We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the [http://lists.owasp.org/mailman/listinfo/owasp-education mailing list].
 
We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the [http://lists.owasp.org/mailman/listinfo/owasp-education mailing list].
  
 
If you used material from our project, please use the available [[:Image:Education_Track_Evaluation_Template.doc|evaluation forms]] and let uw know how we can improve our modules and tracks.
 
If you used material from our project, please use the available [[:Image:Education_Track_Evaluation_Template.doc|evaluation forms]] and let uw know how we can improve our modules and tracks.
  
== Project Contributors ==
 
  
If you contribute to this Project, please add your name here.<br>
 
Project Lead:
 
* [[User:Sdeleersnyder|Sebastien Deleersnyder]]
 
  
Contributors:
+
=Project About=
  
* [[User:medelibero|Mike de Libero]]
+
{{:Project Information:template Education Project}} 
* [[User:Bunyamin|Bunyamin Demir]]
+
 
* [[User:xxradar|Philippe Bogaerts]]
+
__NOTOC__ <headertabs />
* [[User:Brennan|Tom Brennan]]
+
* [[User:knoblochmartin| Martin Knobloch]]
+
* [[User:Mccorga| Grady McCorkle]]
+
* you? ...
+
  
[[Category:OWASP Project]]
+
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
[[Category:OWASP Education Modules]]
+
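Review bot: the external link in the added Licensing paragraph has no opening bracket ("licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license]"), so the page renders a bare URL followed by a stray "]"; put "[" in front of the URL. In the same revision, the added Description paragraph contains "training., both" and "a OWASP Boot camp", and the added Road Map introduction spells the project name "Eduction"; these should be corrected before the text is copied into the project template, which repeats the Description verbatim.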

Latest revision as of 17:37, 29 January 2014


OWASP Education Project

OWASP Education Project aims to provide building blocks of web application security knowledge that can easily be integrated into awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled together in education tracks. An important guideline is therefore that the material produced is modular.

Introduction

Web Application Security Education and Awareness is needed throughout the entire organization. Each area and level of an organization has specific needs and requirements regarding education. A manager needs different information than a security professional or developer. Novices to the profession require different training than people with several years of experience. This Education project aims to provide building blocks of web application security information. These modules can be combined into education tracks targeting different audiences.


Description

The project will continuously deliver education material about OWASP tooling and documentation. This aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously. With the setup of an OWASP Boot camp, the OWASP word can be spread in a controlled manner and high quality training can be delivered, both inside and outside of the OWASP community. The OWASP Education Project will set up and standardize OWASP training manuals and materials to ensure a certain level of quality of the trainings. Trainings about the OWASP tooling and projects will have to be reviewed by the Projects.


Licensing

OWASP Education Project is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, and you can adapt it and use it commercially, provided that you attribute the work and that, if you alter, transform, or build upon this work, you distribute the resulting work only under the same or a similar license.


What is OWASP Education Project?

OWASP Education Project provides:


Presentation

Link to presentation



Project Leader

Martin Knobloch


Related Projects


Quick Download

  • Link to page/download


News and Events

In Print

This project can be purchased as a print on demand book from Lulu.com


Classifications


The following training material and presentations were donated to the education project and will be integrated in future Education Tracks.

This page is split into 2 parts.
The first part is the split-up of the current goals into tasks. Here you can add who is working on what module, together with the status of progress.
The second part lists longer term goals of the Education project. Do not hesitate to add goals and discuss them on the mailing list.

Current Goal Tasks

Sub Goal 1: Create overview of OWASP presentations (100%)

The following is a list of tasks that have to be performed for the project:

Sub Goal 2: Design agenda 2 Tracks (100%)

For the two 4 hour tracks:

Perform the following:

  • Describe track overview (100% - Seba)
  • Describe track target audience (100% - Seba)
  • Design a TOC with titles, one paragraph per title and timing (100% - Seba)
  • Perform a review cycle on the TOC and get external feedback (100% - Seba)
  • Finish TOC for approval by the project team (100% - Seba)

Perform the following:

  • Describe track overview (100% - seba)
  • Describe track target audience (100% - volunteers needed)
  • Design a TOC with titles, one paragraph per title and timing (100% - seba)
  • Perform a review cycle on the TOC and get external feedback (100% - Seba)
  • Finish TOC for approval by the project team (100% - Seba)

Sub Goal 3: Create Modules (100 %)

To support the 2 target tracks and eventually other tracks, modules will have to be created. This means:

  • Work out some basic rules on module slides (100% - Seba)

For the two 4 hour tracks:

Perform the following:

  • From the TOC identify the necessary modules. There will probably be overlap with TOC entries (100% - Seba)
  • Module - Why WebAppSec matters (100% - Seba)
  • Module - OWASP Top 10 Introduction & Remedies (100% - Seba)
  • Module - Embed within SDLC (100% - Seba)
  • Module - Good WebAppSec Resources (100% - Seba)
  • Perform a review cycle by project members that did not create the module (100% - Seba)

Perform the following:

  • From the TOC identify the necessary modules. There will probably be overlap with TOC entries (100% - Seba)
  • Module - Why WebAppSec matters (100% - Seba)
  • Module - OWASP Top 10 Introduction & Remedies (100% - Seba)
  • Module - Embed within SDLC (100% - Seba)
  • Module - Good Secure Development Practices (100% - Seba)
  • Module - Testing for Vulnerabilities (100% - Seba)
  • Module - Good WebAppSec Resources (100% - Seba)
  • Perform a review cycle by project members that did not create the module (100% - Seba)

Sub Goal 4: Track try-outs (20%)

In further stages the tracks can be piloted on 'victim' audiences.

  • Feedback forms will be necessary to capture structured feedback (100% - Seba: template created)
  • (parts) of modules will need corrections (0% - volunteers needed)

Sub Goal 5: Track Distribution

To support further evolution of the existing tracks:

  • Teach the teacher sessions can be set up
  • Webinars can be created
  • Figure out a way to accompany module with audio/video support (0% - tbd)

Future Goals

When we get here, we can say that the project reached Beta Status and we should define goals to get it to Release Quality.

  • Define other tracks
      • 2 h awareness track
      • 4h What testers should know on Web Application Security track
      • ...
  • Set up and maintain improvement cycles for existing tracks
  • Further support OWASP and other organisations to (re)use the OWASP Education Modules and Tracks
  • Set up certification mechanisms for trainers and attendees
  • Define a broader curriculum ...


Involvement in the development and promotion of the OWASP Education Project is actively encouraged! We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the mailing list.

If you used material from our project, please use the available evaluation forms and let us know how we can improve our modules and tracks.



PROJECT IDENTIFICATION

Project Name: OWASP Education Project

Short Project Description: The project will continuously deliver education material about OWASP tooling and documentation. This aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously. With the setup of an OWASP Boot camp, the OWASP word can be spread in a controlled manner and high quality training can be delivered, both inside and outside of the OWASP community. The OWASP Education Project will set up and standardize OWASP training manuals and materials to ensure a certain level of quality of the trainings. Trainings about the OWASP tooling and projects will have to be reviewed by the Projects.

Key Project Information:

  • Project Leader: Martin Knobloch
  • Project Contributors: See here
  • Mailing List: Subscribe here, Use here
  • License: Creative Commons Attribution Share Alike 3.0
  • Project Type: Documentation
  • Sponsors: OWASP SoC 08

Release Status: Provisory Beta Quality. Please see here for complete information.

Main Links:

  • OWASP Videos
  • OWASP Education Presentations
  • OWASP WebGoat Project

Related Projects:

  • OWASP Live CD Project
  • OWASP Testing Guide
  • OWASP Development Guide Project
  • OWASP Code Review Project
  • OWASP ASDR Project

