Difference between revisions of "Category:OWASP Education Project New"

From OWASP
(Education Material Categorized)
(Undo revision 65334 by Paulo Coimbra (Talk))
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{:Project Information:template Education Project}}
 
{{:Project Information:template Education Project}}
[[Category:OWASP Project]]
+
[[Category:OWASP Project|Education Project New]]
 
[[Category:OWASP Education Modules]]
 
[[Category:OWASP Education Modules]]
 
[[Category:OWASP Document]]
 
[[Category:OWASP Document]]
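Review bot: the sort key added in `[[Category:OWASP Project|Education Project New]]` is applied only to that one category tag, while `[[Category:OWASP Education Modules]]` and `[[Category:OWASP Document]]` keep the default key, so this page will be listed under a different letter in each category. If the intent is to file the page under "E" everywhere, put the same key on all three tags or use a single `{{DEFAULTSORT:Education Project New}}`.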
Line 11: Line 11:
 
This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.<br><br>
 
This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.<br><br>
 
The first list of modules can be found [[OWASP Education Project Modules|here]].
 
The first list of modules can be found [[OWASP Education Project Modules|here]].
 
== Goals & Roadmap ==
 
 
Currently the project goals are to create Educational Tracks:
 
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)
 
* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)
 
* Create a [[OWASP Education Presentation|consolidation page of OWASP presentations]] performed in the past with the possibility to add comments
 
* [[Education Track: OWASP Boot Camp |OWASP Boot Camp]] OWASP Training events, get ready for secure application development
 
* [[Education Track: OWASP Capture the flag application | Capture the flag application ]]
 
* ...
 
Further breakdown of tasks and future developments are listed in the [[OWASP Education Project Roadmap|road map]].<br>
 
 
== Spoc007 Progress ==
 
The Education project was selected for [http://www.owasp.org/index.php/SpoC_007_-_OWASP_Education_Project Spoc007 participation] (see page for progress).
 
 
The SpoC007 goal is to finish Sub Goals 1, 2, 3 and perform Sub Goal 4 during the coming months ([[OWASP Education Project Roadmap|road map]]).
 
 
== Project Guiding Principles ==
 
 
This project aims to provide in building blocks of web application security knowledge that can easily be integrated in awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled together in eduction tracks.<br>
 
An important guideline is therefore that the material produced is modular.<br>
 
 
== Resources and links ==
 
 
This project is not standalone. There is an awfull lot of information that can be found throughout this site and from other resources on the Internet. <br>
 
This project will draw pieces of information from:
 
* The [http://www.owasp.org/index.php/Category:OWASP_Video Video's]
 
* The presentations, currently being inventorized in the [[OWASP Education Presentation Rating|consolidation page of OWASP presentations]]¨
 
* [http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat]
 
* ...
 
One of the modules to create will be a Resources module, not limited to OWASP.
 
 
== Feedback and Participation: ==
 
 
We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the [http://lists.owasp.org/mailman/listinfo/owasp-education mailing list].
 
 
If you used material from our project, please use the available [[:Image:Education_Track_Evaluation_Template.doc|evaluation forms]] and let uw know how we can improve our modules and tracks.
 
 
== Project Contributors ==
 
 
If you contribute to this Project, please add your name here.<br>
 
Project Lead:
 
* [[User:Sdeleersnyder|Sebastien Deleersnyder]]
 
 
Contributors:
 
 
* [[User:medelibero|Mike de Libero]]
 
* [[User:Bunyamin|Bunyamin Demir]]
 
* [[User:xxradar|Philippe Bogaerts]]
 
* [[User:Brennan|Tom Brennan]]
 
* [[User:knoblochmartin| Martin Knobloch]]
 
* [[User:Mccorga| Grady McCorkle]]
 
* you? ...
 
  
 
== Education Material Categorized ==
 
== Education Material Categorized ==
  
 
The education materialis categorized in two manors, by the CLASP roles and a more global way of general concern.
 
The education materialis categorized in two manors, by the CLASP roles and a more global way of general concern.
 +
==== OWASP Top Ten ====
 +
The [[:Category:OWASP_Top_Ten_Project |'''OWASP Top Ten''']] represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. There are currently versions in English, French, Japanese, Korean and Turkish. A Spanish version is in the works. We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 +
'''[[Top_10_2007-A1|A1 - Cross Site Scripting (XSS)]]'''
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training video
 +
|}
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 +
'''[[Top_10_2007-A2|A2 - Injection Flaws]]'''
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training video
 +
|}
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 +
'''[[Top_10_2007-A3|A3 - Malicious File Execution]]'''
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training video
 +
|}
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 +
'''[[Top_10_2007-A4|A4 - Insecure Direct Object Reference]]'''
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training video
 +
|}
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 +
'''[[Top_10_2007-A5|A5 - Cross Site Request Forgery (CSRF)]]'''
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training video
 +
|}
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 +
'''[[Top_10_2007-A6|A6 - Information Leakage and Improper Error Handling]]'''
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training video
 +
|}
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 +
'''[[Top_10_2007-A7|A7 - Broken Authentication and Session Management]]'''
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training video
 +
|}
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 +
'''[[Top_10_2007-A8|A8 - Insecure Cryptographic Storage]]'''
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training video
 +
|}
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 +
'''[[Top_10_2007-A9|A9 - Insecure Communications]]'''
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training video
 +
|}
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 +
'''[[Top_10_2007-A10|A10 - Failure to Restrict URL Access]]'''
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training video
 +
|}
 +
 +
<br>
  
==== OWASP Tool projects ====
+
==== OWASP Tooling ====
 
An [[:Category:OWASP_Project |'''OWASP Project''']] is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
 
An [[:Category:OWASP_Project |'''OWASP Project''']] is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
 
PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
 
PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
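Review bot: every one of the ten new Top Ten tables styles its header cell with `style="background:#FFFFFF; color:white"` and then opens a `<font color="white">` that is never closed, so the A1 to A10 heading links render white on a white background and rely on the HTML tidy step to close the stray tag; drop the `<font>` element and give the header a contrasting background (the `#7B8ABD` already used on the row labels would do). Since the ten tables differ only in the `[[Top_10_2007-Ax|...]]` link, a single template taking the Top Ten page name as a parameter would replace roughly 240 lines of copy-pasted markup and make later fixes one edit instead of ten. Minor: `'''Video's '''` should read `'''Videos'''`. Note also that the Goals & Roadmap, Spoc007 Progress and Project Guiding Principles sections removed in this hunk reappear verbatim at the foot of the page, so this is a move rather than a deletion.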
Line 75: Line 146:
 
LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
 
LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
  
<hr>
+
<hr><br>''' Protect:'''
''' Tools'''
+
 
<br>
+
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
  ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
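Review bot: `<hr><br>''' Protect:'''` replaces the `''' Tools'''` label with a bold pseudo-heading; the same pattern is used for `Detect:` and `Life Cycle:` further down. These are not wiki headings, so they do not appear in the table of contents and cannot be linked to from the roadmap pages. A level-5 heading (`===== Protect =====`) under the existing `==== OWASP Tooling ====` would give the same visual break and keep the page navigable.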
Line 85: Line 155:
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training video
 
|}
 
|}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 91: Line 173:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
 
|}
 
|}
 +
 +
<br>''' Detect:'''
 +
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
  ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
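Review bot: the header cell in the trailing context, `style="background:#FFFFFF color:white"`, is missing the semicolon between the two declarations, so browsers discard the rule and the `<font color="white">` that follows it is again left unclosed. This hunk is already restructuring the rows of this table, so it is a good moment to correct the header to `style="background:#FFFFFF; color:white"` (or better, a non-white background) and close the font tag; the same defect is repeated in every table header on the rest of the page.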
Line 99: Line 192:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 107: Line 208:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
 
|}
 
|}
 +
 +
<br>''' Life Cycle:'''
 +
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
  ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
Line 115: Line 227:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
 
|}
 
|}
 
<br>
 
<br>
==== OWASP Documentation projects ====
+
==== OWASP Documentation ====
 
An [[:Category:OWASP_Project |'''OWASP Project''']] is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
 
An [[:Category:OWASP_Project |'''OWASP Project''']] is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
 
PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
 
PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
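Review bot: the heading rename to `==== OWASP Documentation ====` mirrors the earlier `==== OWASP Tooling ====` change, but the paragraph that follows it ("An OWASP Project is a collection of related tasks ... organized into the following categories:") together with the PROTECT / DETECT / LIFE CYCLE definitions is now reproduced word for word under both headings. State it once above `==== OWASP Tooling ====` and let both subsections refer to it; the duplicated copy will otherwise drift the next time one of them is edited.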
Line 125: Line 245:
 
LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
 
LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
  
<hr>
+
<hr><br> '''Protect: '''
<br>
+
 
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
  ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
Line 132: Line 252:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 140: Line 268:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
 
|}
 
|}
 +
 +
 +
<br>''' Detect:'''
 +
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
  ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
Line 148: Line 288:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 156: Line 304:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 164: Line 320:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
 
|}
 
|}
 +
 +
<br>''' Life Cycle:'''
 +
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
  ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
Line 172: Line 339:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 180: Line 355:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 188: Line 371:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 199: Line 390:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 206: Line 405:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 213: Line 420:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 226: Line 441:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 233: Line 456:
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 
  | style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''  
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 +
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 +
* training material
 +
|-
 +
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 243: Line 474:
 
* training material  
 
* training material  
 
  |-
 
  |-
  | style="width:25%; background:#7B8ABD" align="left"| '''Mediate'''  
+
  | style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''  
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
 
  |-
 
  |-
  | style="width:25%; background:#7B8ABD" align="left"| '''Expert '''  
+
  | style="width:25%; background:#7B8ABD" align="left"| '''Expert'''  
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 258: Line 489:
 
* training material  
 
* training material  
 
  |-
 
  |-
  | style="width:25%; background:#7B8ABD" align="left"| '''Mediate'''  
+
  | style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''  
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
 
  |-
 
  |-
  | style="width:25%; background:#7B8ABD" align="left"| '''Expert '''  
+
  | style="width:25%; background:#7B8ABD" align="left"| '''Expert'''  
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 273: Line 504:
 
* training material  
 
* training material  
 
  |-
 
  |-
  | style="width:25%; background:#7B8ABD" align="left"| '''Mediate'''  
+
  | style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''  
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
 
  |-
 
  |-
  | style="width:25%; background:#7B8ABD" align="left"| '''Expert '''  
+
  | style="width:25%; background:#7B8ABD" align="left"| '''Expert'''  
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 288: Line 519:
 
* training material  
 
* training material  
 
  |-
 
  |-
  | style="width:25%; background:#7B8ABD" align="left"| '''Mediate'''  
+
  | style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''  
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
 
  |-
 
  |-
  | style="width:25%; background:#7B8ABD" align="left"| '''Expert '''  
+
  | style="width:25%; background:#7B8ABD" align="left"| '''Expert'''  
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 303: Line 534:
 
* training material  
 
* training material  
 
  |-
 
  |-
  | style="width:25%; background:#7B8ABD" align="left"| '''Mediate'''  
+
  | style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''  
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
 
  |-
 
  |-
  | style="width:25%; background:#7B8ABD" align="left"| '''Expert '''  
+
  | style="width:25%; background:#7B8ABD" align="left"| '''Expert'''  
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material  
 
* training material  
Line 376: Line 607:
 
* training material  
 
* training material  
 
|}
 
|}
 +
 +
 +
== Goals & Roadmap ==
 +
 +
Currently the project goals are to create Educational Tracks:
 +
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)
 +
* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)
 +
* Create a [[OWASP Education Presentation|consolidation page of OWASP presentations]] performed in the past with the possibility to add comments
 +
* [[Education Track: OWASP Boot Camp |OWASP Boot Camp]] OWASP Training events, get ready for secure application development
 +
* [[Education Track: OWASP Capture the flag application | Capture the flag application ]]
 +
* ...
 +
Further breakdown of tasks and future developments are listed in the [[OWASP Education Project Roadmap|road map]].<br>
 +
 +
== Spoc007 Progress ==
 +
The Education project was selected for [http://www.owasp.org/index.php/SpoC_007_-_OWASP_Education_Project Spoc007 participation] (see page for progress).
 +
 +
The SpoC007 goal is to finish Sub Goals 1, 2, 3 and perform Sub Goal 4 during the coming months ([[OWASP Education Project Roadmap|road map]]).
 +
 +
== Project Guiding Principles ==
 +
 +
This project aims to provide in building blocks of web application security knowledge that can easily be integrated in awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled together in eduction tracks.<br>
 +
An important guideline is therefore that the material produced is modular.<br>
 +
 +
== Resources and links ==
 +
 +
This project is not standalone. There is an awfull lot of information that can be found throughout this site and from other resources on the Internet. <br>
 +
This project will draw pieces of information from:
 +
* The [http://www.owasp.org/index.php/Category:OWASP_Video Video's]
 +
* The presentations, currently being inventorized in the [[OWASP Education Presentation Rating|consolidation page of OWASP presentations]]¨
 +
* [http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat]
 +
* ...
 +
One of the modules to create will be a Resources module, not limited to OWASP.
 +
 +
== Feedback and Participation: ==
 +
 +
We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the [http://lists.owasp.org/mailman/listinfo/owasp-education mailing list].
 +
 +
If you used material from our project, please use the available [[:Image:Education_Track_Evaluation_Template.doc|evaluation forms]] and let uw know how we can improve our modules and tracks.
 +
 +
== Project Contributors ==
 +
 +
If you contribute to this Project, please add your name here.<br>
 +
Project Lead:
 +
* [[User:Sdeleersnyder|Sebastien Deleersnyder]]
 +
 +
Contributors:
 +
 +
* [[User:medelibero|Mike de Libero]]
 +
* [[User:Bunyamin|Bunyamin Demir]]
 +
* [[User:xxradar|Philippe Bogaerts]]
 +
* [[User:Brennan|Tom Brennan]]
 +
* [[User:knoblochmartin| Martin Knobloch]]
 +
* [[User:Mccorga| Grady McCorkle]]
 +
* you? ...
  
 
__NOTOC__
 
__NOTOC__
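Review bot: the newly added prose carries several typos that should be corrected before this revision goes live: 'eduction tracks' in Project Guiding Principles (should read 'education tracks'), 'awfull lot' in Resources and links, 'let uw know' in Feedback and Participation (should read 'let us know'), and a stray '¨' character at the end of the presentations bullet. The plural "Video's" in the resources list and the trailing colon in the '== Feedback and Participation: ==' heading are also worth cleaning up.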

Latest revision as of 14:09, 3 July 2009


PROJECT IDENTIFICATION

Project Name: OWASP Education Project
Short Project Description: The project will continuously deliver education material about OWASP tooling and documentation, aiming to create an easy entry point to understanding application security and using the OWASP tools. By creating education papers, screen-capture video courses and an OWASP Boot Camp, a controlled education process of standardized quality can be sustained. With an OWASP Boot Camp in place, the OWASP message can be spread in a controlled manner and high-quality training delivered both inside and outside the OWASP community. The OWASP Education Project will set up and standardize OWASP training manuals and materials to ensure a consistent level of quality. Training about OWASP tools and projects will have to be reviewed by the respective projects.
Project Leader: Martin Knobloch
Project Contributors: See here
Mailing List: Subscribe here / Use here
License: Creative Commons Attribution Share Alike 3.0
Project Type: Documentation
Sponsors: OWASP SoC 08
Release Status: Provisory Beta Quality
Main Links: Please see here for complete information.
  • OWASP Videos
  • OWASP Education Presentations
  • OWASP WebGoat Project
Related Projects:
  • OWASP Live CD Project
  • OWASP Testing Guide
  • OWASP Development Guide Project
  • OWASP Code Review Project
  • OWASP ASDR Project


Welcome to the OWASP Education Project

Web application security education and awareness are needed throughout the entire organization; each area and level of an organization has specific needs and requirements regarding education. A manager needs different information than a security professional or developer, and novices to the profession require different training than people with several years of experience.
This Education project aims to provide building blocks of web application security information. These modules can be combined into education tracks targeting different audiences.

The first list of modules can be found here.

Education Material Categorized

The education material is categorized in two ways: by CLASP role, and by a more general area of concern.

OWASP Top Ten

The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. There are currently versions in English, French, Japanese, Korean and Turkish. A Spanish version is in the works. We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

A1 - Cross Site Scripting (XSS)

Presentation
  • training material
Videos
  • training video

A2 - Injection Flaws

Presentation
  • training material
Videos
  • training video

A3 - Malicious File Execution

Presentation
  • training material
Videos
  • training video

A4 - Insecure Direct Object Reference

Presentation
  • training material
Videos
  • training video

A5 - Cross Site Request Forgery (CSRF)

Presentation
  • training material
Videos
  • training video

A6 - Information Leakage and Improper Error Handling

Presentation
  • training material
Videos
  • training video

A7 - Broken Authentication and Session Management

Presentation
  • training material
Videos
  • training video

A8 - Insecure Cryptographic Storage

Presentation
  • training material
Videos
  • training video

A9 - Insecure Communications

Presentation
  • training material
Videos
  • training video

A10 - Failure to Restrict URL Access

Presentation
  • training material
Videos
  • training video


OWASP Tooling

An OWASP Project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
  • PROTECT - tools and documents that can be used to guard against security-related design and implementation flaws.
  • DETECT - tools and documents that can be used to find security-related design and implementation flaws.
  • LIFE CYCLE - tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).



Protect:

OWASP AntiSamy Java Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Videos
  • training video

OWASP Enterprise Security API (ESAPI) Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material


Detect:

OWASP Live CD Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP WebScarab Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material


Life Cycle:

OWASP WebGoat Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material


OWASP Documentation

An OWASP Project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
  • PROTECT - tools and documents that can be used to guard against security-related design and implementation flaws.
  • DETECT - tools and documents that can be used to find security-related design and implementation flaws.
  • LIFE CYCLE - tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).



Protect:

OWASP Development Guide

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Ruby on Rails Security Guide V2

Beginner
  • training material
Experienced
  • training material
Expert
  • training material



Detect:

OWASP Code Review Guide

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Testing Guide

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Top Ten Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material


Life Cycle:

OWASP AppSec FAQ Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Legal Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Source Code Review for OWASP-Projects

Beginner
  • training material
Experienced
  • training material
Expert
  • training material


Profession / Interest

Below you will find the education material categorized by profession and interest.

Management
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Student
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Technical
Beginner
  • training material
Experienced
  • training material
Expert
  • training material


CLASP roles

CLASP (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development lifecycle, whenever possible.

Architect
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Designer
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Implementer
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Project Manager
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Requirements Specifier
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Security Auditor
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Test Analyst
Beginner
  • training material
Experienced
  • training material
Expert
  • training material

SAMM Disciplines & Functions

Alignment & Governance
Education & Guidance
  • training material
Standards & Compliance
  • training material
Strategic Planning
  • training material
Requirements & Design
Threat Modeling
  • training material
Security Requirements
  • training material
Defensive Design
  • training material
Verification & Assessment
Architecture Review
  • training material
Code Review
  • training material
Security Testing
  • training material
Deployment & Operations
Vulnerability Management
  • training material
Infrastructure Hardening
  • training material
Operational Enablement
  • beginner
  • experienced
  • expert
  • training material


Goals & Roadmap

Currently the project goals are to create Educational Tracks:

Further breakdown of tasks and future developments are listed in the road map.

Spoc007 Progress

The Education project was selected for Spoc007 participation (see page for progress).

The SpoC007 goal is to finish Sub Goals 1, 2, 3 and perform Sub Goal 4 during the coming months (road map).

Project Guiding Principles

This project aims to provide building blocks of web application security knowledge that can easily be integrated into awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled into education tracks.
An important guideline is therefore that the material produced is modular.

Resources and links

This project is not standalone. A great deal of information can be found throughout this site and in other resources on the Internet.
This project will draw pieces of information from:

One of the modules to create will be a Resources module, not limited to OWASP.

Feedback and Participation

We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the mailing list.

If you have used material from our project, please use the available evaluation forms and let us know how we can improve our modules and tracks.

Project Contributors

If you contribute to this Project, please add your name here.
Project Lead:

Contributors:


How to add a new OWASP Education Project New article

You can follow the instructions to make a new OWASP Education Project New article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the OWASP Education Project New category:

[[Category:OWASP Education Project New]]

Pages in category "OWASP Education Project New"

The following 3 pages are in this category, out of 3 total.