Difference between revisions of "OWASP Academies"

m (removed the line about the agreement with Security Innovations, as there has not been any agreement on that subject)
 
(42 intermediate revisions by one user not shown)
Line 41: Line 41:
 
Having said that, if you find sponsorship to fund your trip and stay in Lisbon, you will be very welcome to join us – just drop [mailto:sandra.paiva@owasp.org me] a line to let me know you are coming!  
 
Having said that, if you find sponsorship to fund your trip and stay in Lisbon, you will be very welcome to join us – just drop [mailto:sandra.paiva@owasp.org me] a line to let me know you are coming!  
  
==== Venue and Hotel ====
 
 
'''Venue'''<br>
 
The two-days meeting will take place at [http://www.iscte.pt/ ISCTE - Lisbon University Institute].
 
 
 
'''Hotel'''<br>
 
Participants will be staying at [http://www.hotelroma.pt/ Hotel Roma], in the City center.
 
  
 +
For information about the Venue and Hotel, please click [[OWASP Academies Venue Hotel|'''HERE''']]
  
 
==== Confirmed Participants & Supporters ====
 
==== Confirmed Participants & Supporters ====
Line 63: Line 56:
 
* Jason Taylor - CTO of Security Innovation, US
 
* Jason Taylor - CTO of Security Innovation, US
 
* Francisco Rente - Researcher at the Universidade de Coimbra, Portugal
 
* Francisco Rente - Researcher at the Universidade de Coimbra, Portugal
* Ricardo Melo - DRI, IT Consultants Ltd  
+
* Ricardo Melo - DRI, IT Consultants Ltd, Portugal
 +
* Filipe Lacerda - Lusolabs, Portugal
 
* [[User:Pontocom|Carlos Serrão]] - [http://www.owasp.org/index.php/Portuguese OWASP Portuguese Chapter Leader], Assistant Professor at [http://www.iscte.pt ISCTE - Lisbon University Institute], Portugal   
 
* [[User:Pontocom|Carlos Serrão]] - [http://www.owasp.org/index.php/Portuguese OWASP Portuguese Chapter Leader], Assistant Professor at [http://www.iscte.pt ISCTE - Lisbon University Institute], Portugal   
 
* [[user:Dinis.cruz|Dinis Cruz]] - OWASP Board
 
* [[user:Dinis.cruz|Dinis Cruz]] - OWASP Board
Line 88: Line 82:
  
  
==== Agenda (Draft) ====
+
==== Agenda ====
  
 
{| border="0" align="center" style="width: 80%;"
 
{| border="0" align="center" style="width: 80%;"
 
|-
 
|-
! align="center" colspan="3" | '''Room XXX, [http://www.iscte.pt/ ISCTE - Lisbon University Institute]''', January 5th, 2011
+
! align="center" colspan="3" | '''Room B202/C302, [http://www.iscte.pt/ ISCTE - Lisbon University Institute]''', January 5th, 2011
 
|-
 
|-
 
| style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | 10h00-10h30
 
| style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | 10h00-10h30
Line 123: Line 117:
 
* What institutions will we target, what will we offer,  how will we implement it, etc;
 
* What institutions will we target, what will we offer,  how will we implement it, etc;
 
* What contents will we submit, will we offer OWASP Trainers, will this training be paid;
 
* What contents will we submit, will we offer OWASP Trainers, will this training be paid;
* Training materials t support the OWASP Academies.
+
* Training materials to support the OWASP Academies.
 
|}
 
|}
  
Line 129: Line 123:
 
{| border="0" align="center" style="width: 80%;"
 
{| border="0" align="center" style="width: 80%;"
 
|-
 
|-
! align="center" colspan="3" | '''Room XXX, [http://www.iscte.pt/ ISCTE - Lisbon University Institute]''', January 6th, 2011
+
! align="center" colspan="3" | '''Room B202/C302, [http://www.iscte.pt/ ISCTE - Lisbon University Institute]''', January 6th, 2011
 
|-
 
|-
 
| style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | 10h00-11h30  
 
| style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | 10h00-11h30  
| align="left" style="background: none repeat scroll 0% 0% rgb(242, 242, 242); width: 75%; -moz-background-inline-policy: continuous;" colspan="2" | Discussion / Definition of model
+
| align="left" style="background: none repeat scroll 0% 0% rgb(242, 242, 242); width: 75%; -moz-background-inline-policy: continuous;" colspan="2" | Open Discussion / Definition of OWASP Academies model
 
|-
 
|-
 
| style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | 11h30-11h45  
 
| style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | 11h30-11h45  
Line 138: Line 132:
 
|-
 
|-
 
| style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | 11h45-13h00  
 
| style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | 11h45-13h00  
| align="left" style="background: none repeat scroll 0% 0% rgb(242, 242, 242); width: 75%; -moz-background-inline-policy: continuous;" colspan="2" | Discussion / Definition of model (Cont.)
+
| align="left" style="background: none repeat scroll 0% 0% rgb(242, 242, 242); width: 75%; -moz-background-inline-policy: continuous;" colspan="2" | Open Discussion / Definition of OWASP Academies model (Cont.)
 
|-
 
|-
 
| style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | 13h00-14h00  
 
| style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | 13h00-14h00  
Line 155: Line 149:
 
* Distribution of tasks  
 
* Distribution of tasks  
 
|}
 
|}
 +
 +
 +
== Live Blog of the meeting ==
 +
 +
If you were not able to be with us in Lisbon and still want to be part of the discussion, please follow the meeting Live and send us your comments via '''Cover It Live''' here:
 +
 +
* [http://www.coveritlive.com/index2.php/option=com_altcaster/task=viewaltcast/altcast_code=141a07c432/height=550/width=470 '''Wednesday, 5th January''']
 +
 +
* [http://www.coveritlive.com/index2.php/option=com_altcaster/task=viewaltcast/altcast_code=63a88eafbe/height=550/width=470 '''Thursday, 6th January''']
 +
 +
 +
The '''Events will go LIVE''' at 10h30m on Wednesday, the 5th January and 10h on Thursday, the 6th January.
 +
 +
We are looking forward to seeing you online!
 +
 +
 +
==== Conclusions of the Meeting ====
 +
 +
'''Following two days of intense and animated debate''' about what would be the best model to support the OWASP Academies, '''the team gathered in Lisbon has reached the following results:'''
 +
 +
* The OWASP Academies will be embodied by the '''OAP (OWASP Academic Portal)'''
 +
<br>
 +
* The '''OAP''' will be an online platform, mainly aimed at professors and students, comprised by 3 distinct components
 +
 +
** '''Blocks''' – sets of teachable contents formatted for diverse purposes and ready to use
 +
 +
** '''Labs''' – platforms with vulnerable apps and hands-on exercises
 +
 +
** '''Community''' – where interaction platforms, foruns and tools facilitating asynchronous communication will be made available
 +
<br>
 +
* It has been decided that an OWASP Project would be created to support this area of work – [[OWASP Academy Portal Project|OWASP Academy Portal Project]]
 +
<br>
 +
* The OPA will be led by [[user:Knoblochmartin|Martin Knobloch]], Ricardo Melo and [[user:Conpap|Konstantinos Papapanagiotou]] and will have the following contributors: Vasileos Vlachos, Jim Burkman, Andreas Fuchsberger, Jason Taylor, [[User:Pontocom|Carlos Serrão]], Filipe Lacerda, Ed Adams, [[user:Dinis.cruz|Dinis Cruz]]
 +
<br>
 +
* Filipe Lacerda accepted the responsibility of hosting the 1st version of the OWASP Academies Portal and Vasileos and Kostas will ensure the hosting of the Labs of the Portal
 +
<br>
 +
* Security Innovation has agreed to sponsor this Project by providing a hosting environment that allows SCORM eLearning content, forums, glossary, resources (such as zip, word, pdf, etc) and tracking and reporting features
 +
<br>
 +
* It has been agreed that the 1st version of the OAP will be presented at the Summit'11
 +
<br>
 +
 +
 +
 +
== Blogs of the Meeting ==
 +
 +
To follow the discussion we have had, please read through the '''live blogs''' of the two days which are available below.
 +
 +
'''[http://www.coveritlive.com/index2.php/option=com_altcaster/task=viewaltcast/altcast_code=141a07c432/height=550/width=470 Session 5th January]'''
 +
 +
[http://www.coveritlive.com/index2.php/option=com_altcaster/task=viewaltcast/altcast_code=141a07c432/height=550/width=470 http://www.owasp.org/images/e/e7/Liveblog_5_Jan.JPG]
 +
 +
 +
'''[http://www.coveritlive.com/index2.php/option=com_altcaster/task=viewaltcast/altcast_code=63a88eafbe/height=550/width=470 Session 6th January]'''
 +
 +
[http://www.coveritlive.com/index2.php/option=com_altcaster/task=viewaltcast/altcast_code=63a88eafbe/height=550/width=470 http://www.owasp.org/images/d/dd/Liveblog_6_Jan.JPG]
 +
 +
 +
== Materials ==
 +
 +
Materials used, pictures and presentations delivered during these two days can be acessed here:
 +
 +
* [http://www.owasp.org/index.php/File:OWASP_Academies_Meeting_GR_presented.ppt Kostas and Vasileos' presentation of their experience in Greece]
 +
 +
* [http://www.owasp.org/index.php/File:Security_Course.pptx Jason Taylor's presentation of a course designed for the Montana State University]
 +
 +
* [http://www.owasp.org/index.php/File:Certification_-_January_2011_OWASP_Acadamies_Meeting_v0.2.pdf Security Innovation's presentation of Certification model]
 +
 +
* [http://www.owasp.org/index.php/File:Course_Seguran%C3%A7a_em_Redes_e_Sistemas_de_Informa%C3%A7%C3%A3o_ISCTE.pdf Course on Web Security and Information Systems (ISCTE)], from [[User:Pontocom|Carlos Serrão]]
 +
 +
* [http://www.owasp.org/index.php/File:Courses_curricula_AppSec_course_suite_Martin_K.doc Courses curricula AppSec course suite], from Martin K.
 +
 +
* (Gallery - pictures and videos)
 +
 +
 +
== UPDATE - 11 Jan 2011 ==
 +
 +
We would like to inform that, within the context of the Academies meeting and what has there been discussed, [[User:Pontocom|Carlos Serrão]] (Portuguese Chapter Leader and Assistant Professor at ISCTE - Instituto Universitário) has informed us of ISCTE's interest in discussing the idea of creating a Summer Course on the AppSec area.
 +
 +
Following a more detailed conversation with Carlos and a subsequent discussion with [[user:Dinis.cruz|Dinis Cruz (OWASP Board)]], it has been decided that [[user:Sandra Paiva|Sandra Paiva]], [[user:Paulo Coimbra|Paulo Coimbra]] and [[User:Pontocom|Carlos Serrão]] would draft a plan for the creation of a Summer School. 
 +
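Review bot: The leadership bullet in the added "Conclusions of the Meeting" list reads "The OPA will be led by", while every other added bullet abbreviates the portal as "OAP"; change it to "OAP". The same block also names the portal three ways ("OWASP Academic Portal", "OWASP Academy Portal Project", "OWASP Academies Portal"), so pick one name and use it throughout, or state that the project and the portal are deliberately named differently. Two spelling slips are added as well: "foruns" in the Community bullet and "acessed" in the Materials intro. Finally, the edit summary says the line about an agreement with Security Innovation was removed, yet this hunk adds a bullet stating that Security Innovation "has agreed to sponsor this Project"; it is worth confirming that this bullet is meant to stay.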
  
  

Latest revision as of 18:33, 2 February 2011



OWASP Academies meeting - 5th, 6th January

Preparatory meeting for the Summit'11

Following the email sent in October regarding the OWASP Academies and the work OWASP is developing to implement and operationalize this concept, we have received multiple pieces of feedback and contributions to the discussion.


We thought that one way to turn the feedback and interest received into something positive and constructive would be to sit the people involved at a table and discuss experiences, views and ideas for the OWASP Academies' operational model. Knowing, for example, how the already established connections with Universities were started and how they are working, what would seem to these partners the most reasonable “next step” in terms of formalization or knowing what, from the Universities’ point of view, would be an interesting model of relationship, could be of great use for our own definition and consolidation of the OWASP Academies concept.


In this context, a meeting will be held on the 5th and 6th of January, in Lisbon, with the following format:

  • Two days (5th and 6th January) of working sessions focused on the OWASP Academies, where the operational model will be discussed with the intent of preparing a draft that can be presented and debated at the Summit'11, taking place in February;
  • Main objectives should be:
    • Definition of the concept behind the OWASP Academy model;
    • Discussion of Certification;
    • Identification of a "to do" list for the Summit'11.


The meetings will take place at ISCTE, Lisbon University Institute, in Lisbon. Address is Av.ª das Forças Armadas, 1649-026 LISBOA.


Unfortunately, due to budgetary constraints, it will not be possible for us to invite all who have contributed to the discussion and pay for their travel and accommodation. We have therefore devised selection criteria for paid invitations that take into account both the level of engagement in the discussion and the amount of work already done within the Academic community.


Having said that, if you find sponsorship to fund your trip and stay in Lisbon, you will be very welcome to join us – just drop me a line to let me know you are coming!


For information about the Venue and Hotel, please click HERE

Confirmed Participants & Supporters

Participants

  • Martin Knobloch – Netherlands Local Chapter and Global Education Committee, Netherlands
  • Konstantinos Papapanagiotou - Greece Local Chapter, Information Security Services Manager at Syntax IT Inc, Visiting Lecturer at the University of Piraeus, Greece
  • Vasileos Vlachos - Greece Local Chapter, Lecturer at the Technological Educational Institute of Larissa, Greece
  • Jim Burkman - Assistant Professor at the Oklahoma State University, US
  • Andreas Fuchsberger – Information Security Group, Royal Holloway University, UK
  • Ed Adams - President & CEO of Security Innovation, US
  • Jason Taylor - CTO of Security Innovation, US
  • Francisco Rente - Researcher at the Universidade de Coimbra, Portugal
  • Ricardo Melo - DRI, IT Consultants Ltd, Portugal
  • Filipe Lacerda - Lusolabs, Portugal
  • Carlos Serrão - OWASP Portuguese Chapter Leader, Assistant Professor at ISCTE - Lisbon University Institute, Portugal
  • Dinis Cruz - OWASP Board
  • Paulo Coimbra - OWASP Project Manager, Portugal
  • Sandra Paiva - OWASP Training Manager, Portugal


Supporters

Syntax.PNG Si-logo-100x40 (2).jpg RHU.png
OSU.png iscte-iul.png TEIL.jpg


Agenda

Room B202/C302, ISCTE - Lisbon University Institute, January 5th, 2011
10h00-10h30 Reception of participants
10h30-11h30 Presentation of the OWASP Academies concept

Existing materials
(Dinis Cruz)

11h30-11h45 Coffee Break
11h45-13h30 How OWASP contents are currently being used by Universities

(Representatives from Universities - Konstantinos Papapanagiotou, Vasileos Vlachos, Jim Burkman, Andreas Fuchsberger, Carlos Serrão)

13h30-14h30 Lunch
14h30-16h30 Certification Project – content, technology, proposed model

(Ed Adams and Jason Taylor, Security Innovation)

16h30-16h45 Coffee Break
16h45-18h00 Open discussion on what the OWASP Academies model should be:
  • What institutions will we target, what will we offer, how will we implement it, etc;
  • What contents will we submit, will we offer OWASP Trainers, will this training be paid;
  • Training materials to support the OWASP Academies.


Room B202/C302, ISCTE - Lisbon University Institute, January 6th, 2011
10h00-11h30 Open Discussion / Definition of OWASP Academies model
11h30-11h45 Coffee Break
11h45-13h00 Open Discussion / Definition of OWASP Academies model (Cont.)
13h00-14h00 Lunch
14h00-16h00 Certification Project – Integration with the OWASP Academies model

(Ed Adams, Jason Taylor (Security Innovation) and Dinis Cruz)

16h00-16h15 Coffee Break
16h15-17h30 Wrap up and draft of the model
  • Identification of to-do list for the Summit
  • Distribution of tasks


Live Blog of the meeting

If you were not able to be with us in Lisbon and still want to be part of the discussion, please follow the meeting Live and send us your comments via Cover It Live here:


The Events will go LIVE at 10h30m on Wednesday, the 5th January and 10h on Thursday, the 6th January.

We are looking forward to seeing you online!


Conclusions of the Meeting

Following two days of intense and animated debate about what would be the best model to support the OWASP Academies, the team gathered in Lisbon has reached the following results:

  • The OWASP Academies will be embodied by the OAP (OWASP Academic Portal)


  • The OAP will be an online platform, mainly aimed at professors and students, comprising 3 distinct components:
    • Blocks – sets of teachable contents formatted for diverse purposes and ready to use
    • Labs – platforms with vulnerable apps and hands-on exercises
    • Community – where interaction platforms, forums and tools facilitating asynchronous communication will be made available




  • Filipe Lacerda accepted the responsibility of hosting the 1st version of the OWASP Academies Portal and Vasileos and Kostas will ensure the hosting of the Labs of the Portal


  • Security Innovation has agreed to sponsor this Project by providing a hosting environment that allows SCORM eLearning content, forums, glossary, resources (such as zip, word, pdf, etc) and tracking and reporting features


  • It has been agreed that the 1st version of the OAP will be presented at the Summit'11



Blogs of the Meeting

To follow the discussion we have had, please read through the live blogs of the two days which are available below.

Session 5th January

Liveblog_5_Jan.JPG


Session 6th January

Liveblog_6_Jan.JPG


Materials

Materials used, pictures and presentations delivered during these two days can be accessed here:

  • (Gallery - pictures and videos)


UPDATE - 11 Jan 2011

We would like to inform you that, in the context of the Academies meeting and what was discussed there, Carlos Serrão (Portuguese Chapter Leader and Assistant Professor at ISCTE - Instituto Universitário) has informed us of ISCTE's interest in discussing the idea of creating a Summer Course on the AppSec area.

Following a more detailed conversation with Carlos and a subsequent discussion with Dinis Cruz (OWASP Board), it has been decided that Sandra Paiva, Paulo Coimbra and Carlos Serrão would draft a plan for the creation of a Summer School.