Difference between revisions of "OWASP Education Project Roadmap"

From OWASP
(Reverting to last version not containing links to www.texttrdaral.com)
 
(14 intermediate revisions by 2 users not shown)
Line 5: Line 5:
 
= Current Goal Tasks =
 
= Current Goal Tasks =
  
== Sub Goal 1: Create overview of OWASP presentations (50%) ==
+
== Sub Goal 1: Create overview of OWASP presentations (100%) ==
 
The following is a list of tasks that have to be performed for the project:
 
The following is a list of tasks that have to be performed for the project:
* Add the majority of presentation material on [[OWASP Education Presentation|the presentation overview page]] (50% - all)
+
* Add the majority of presentation material on [[OWASP Education Presentation|the presentation overview page]] (100% - all)
* Provide [[:Category:OWASP_Presentations#OWASP_Education_Presentation_Guidelines| Guidance page]] on OWASP presentations and re-usability and link in other related presentation pages (50% - review asked on mailing list)
+
* Provide [[:Category:OWASP_Presentations#OWASP_Education_Presentation_Guidelines| Guidance page]] on OWASP presentations and re-usability and link in other related presentation pages (100% Seba)
  
== Sub Goal 2: Design agenda 2 Tracks (40%) ==
+
== Sub Goal 2: Design agenda 2 Tracks (100%) ==
 
For the two 4 hour tracks:
 
For the two 4 hour tracks:
 
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)  
 
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)  
 
Perform the following:
 
Perform the following:
:* Describe track overview (25% - Grady)
+
:* Describe track overview (100% - Seba)
:* Describe track target audience (25% - Grady)
+
:* Describe track target audience (100% - Seba)
:* Design a TOC with titles, one paragraph per title and timing (0% - Grady)
+
:* Design a TOC with titles, one paragraph per title and timing (100% - Seba)
:* Perform a review cycle on the TOC and get external feedback (0% - volunteers needed)
+
:* Perform a review cycle on the TOC and get external feedback (100% - Seba)
:* Finish TOC for approval by the project team (0% - volunteers needed)
+
:* Finish TOC for approval by the project team (100% - Seba)
  
 
* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)  
 
* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)  
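Review bot: In the Sub Goal 1 task list, the guidance-page item now ends "(100% Seba)", while the other status markers in this hunk use the "(percent - owner)" form, for example "(100% - all)"; suggest "(100% - Seba)" for consistency. The Primer track items under Sub Goal 2 also change owner from Grady to Seba as they move to 100%, and the review-cycle item that was "0% - volunteers needed" is now 100% without saying where the external feedback came from.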
Line 25: Line 25:
 
:* Describe track target audience (100% - volunteers needed)
 
:* Describe track target audience (100% - volunteers needed)
 
:* Design a TOC with titles, one paragraph per title and timing (100% - seba)
 
:* Design a TOC with titles, one paragraph per title and timing (100% - seba)
:* Perform a review cycle on the TOC and get external feedback (50% - some feedback is inserted - external feedback required)
+
:* Perform a review cycle on the TOC and get external feedback (100% - Seba)
:* Finish TOC for approval by the project team (0% - volunteers needed)
+
:* Finish TOC for approval by the project team (100% - Seba)
  
== Sub Goal 3: Create Modules (20 %)==
+
== Sub Goal 3: Create Modules (100 %)==
 
To support the 2 target tracks and eventually other tracks, modules will have to be created. This means:
 
To support the 2 target tracks and eventually other tracks, modules will have to be created. This means:
 
* Work out some basic rules on module slides (100% - Seba)
 
* Work out some basic rules on module slides (100% - Seba)
Line 34: Line 34:
 
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)  
 
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)  
 
Perform the following:
 
Perform the following:
:* From the TOC identify the necessary modules. There will  probably be overlap with TOC entries (0% - volunteers needed
+
:* From the TOC identify the necessary modules. There will  probably be overlap with TOC entries (100% - Seba)
:* For each of the modules define a title, description and prerequisites (0% - volunteers needed)
+
:* Module - Why WebAppSec matters (100% - Seba)
:* For each of the modules search for resources that can be used (0% - volunteers needed)
+
:* Module - OWASP Top 10 Introduction & Remedies  (100% - Seba)
:* Per module create a first draft from resources and further research (0% - volunteers needed)
+
:* Module - Embed within SDLC (100% - Seba)
:* Perform a review cycle by project members that did not create the module and get external feedback  (0% - volunteers needed)
+
:* Module - Good WebAppSec Resources (100% - Seba)
:* Rewrite the module, this time with detailed notes to support the individual slides and taking into account the review comments  (0% - volunteers needed)
+
:* Perform a review cycle by project members that did not create the module (100% - Seba)
:* Finish the modules with final review for approval by the project team (0% - volunteers needed)
+
 
* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)  
 
* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)  
 
Perform the following:
 
Perform the following:
:* From the TOC identify the necessary modules. There will  probably be overlap with TOC entries (10% - Seba + ?)
+
:* From the TOC identify the necessary modules. There will  probably be overlap with TOC entries (100% - Seba)
:* For each of the modules define a title, description and prerequisites (10% - Seba)
+
:* Module - Why WebAppSec matters (100% - Seba)
:* For each of the modules search for resources that can be used (0% - Seba)
+
:* Module - OWASP Top 10 Introduction & Remedies  (100% - Seba)
:* Per module create a first draft from resources and further research (0% - Seba)
+
:* Module - Embed within SDLC (100% - Seba)
:* Perform a review cycle by project members that did not create the module and get external feedback  (0% - Seba)
+
:* Module - Good Secure Development Practices (100% - Seba)
:* Rewrite the module, this time with detailed notes to support the individual slides and taking into account the review comments  (0% - Seba)
+
:* Module - Testing for Vulnerabilities (100% - Seba)
:* Finish the modules with final review for approval by the project team (0% - Seba)
+
:* Module - Good WebAppSec Resources (100% - Seba)
 +
:* Perform a review cycle by project members that did not create the module (100% - Seba)
  
 
== Sub Goal 4: Track try-outs (20%) ==
 
== Sub Goal 4: Track try-outs (20%) ==
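Review bot: In both "Perform the following" lists under Sub Goal 3, the process steps (define a title, description and prerequisites; search for resources; create a first draft; rewrite with detailed notes; final review for approval by the project team) are replaced by module names, so the roadmap no longer records whether those steps were carried out for each module. The review-cycle item also drops "and get external feedback". Suggest keeping the steps as a checklist under each module, or stating that a module's 100% covers them.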
Line 66: Line 66:
 
When we get here, we can say that the project reached Beta Status and we should define goals to get it to Release Quality.
 
When we get here, we can say that the project reached Beta Status and we should define goals to get it to Release Quality.
 
* Define other tracks
 
* Define other tracks
* Set up and maintain improvement tracks for existing tracks
+
:* 2 h awareness track
 +
:* 4h What testers should know on Web Application Security track
 +
:* ...
 +
* Set up and maintain improvement cycles for existing tracks
 
* Further support OWASP and other organisations to (re)use the OWASP Education Modules and Tracks
 
* Further support OWASP and other organisations to (re)use the OWASP Education Modules and Tracks
 
* Set up certification mechanisms for trainers and attendees
 
* Set up certification mechanisms for trainers and attendees

Latest revision as of 13:27, 27 May 2009

This page is split in 2 parts.
The first part is the split-up of the current goals in tasks. Here you can add who is working on what module together with the status on progress.
The second part lists longer-term goals of the Education project. Do not hesitate to add goals and discuss them on the mailing list.


Current Goal Tasks

Sub Goal 1: Create overview of OWASP presentations (100%)

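The following is a list of tasks that have to be performed for the project:

  • Add the majority of presentation material on the presentation overview page (100% - all)
  • Provide Guidance page on OWASP presentations and re-usability and link in other related presentation pages (100% Seba)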

Sub Goal 2: Design agenda 2 Tracks (100%)

For the two 4 hour tracks:

  • A Web Application Security Primer Track for beginners (4 hours)

Perform the following:

  • Describe track overview (100% - Seba)
  • Describe track target audience (100% - Seba)
  • Design a TOC with titles, one paragraph per title and timing (100% - Seba)
  • Perform a review cycle on the TOC and get external feedback (100% - Seba)
  • Finish TOC for approval by the project team (100% - Seba)

  • What Developers Should Know on Web Application Security Track for developers (4 hours)

Perform the following:

  • Describe track overview (100% - seba)
  • Describe track target audience (100% - volunteers needed)
  • Design a TOC with titles, one paragraph per title and timing (100% - seba)
  • Perform a review cycle on the TOC and get external feedback (100% - Seba)
  • Finish TOC for approval by the project team (100% - Seba)

Sub Goal 3: Create Modules (100 %)

To support the 2 target tracks and eventually other tracks, modules will have to be created. This means:

  • Work out some basic rules on module slides (100% - Seba)

For the two 4 hour tracks:

  • A Web Application Security Primer Track for beginners (4 hours)

Perform the following:

  • From the TOC identify the necessary modules. There will probably be overlap with TOC entries (100% - Seba)
  • Module - Why WebAppSec matters (100% - Seba)
  • Module - OWASP Top 10 Introduction & Remedies (100% - Seba)
  • Module - Embed within SDLC (100% - Seba)
  • Module - Good WebAppSec Resources (100% - Seba)
  • Perform a review cycle by project members that did not create the module (100% - Seba)

  • What Developers Should Know on Web Application Security Track for developers (4 hours)

Perform the following:

  • From the TOC identify the necessary modules. There will probably be overlap with TOC entries (100% - Seba)
  • Module - Why WebAppSec matters (100% - Seba)
  • Module - OWASP Top 10 Introduction & Remedies (100% - Seba)
  • Module - Embed within SDLC (100% - Seba)
  • Module - Good Secure Development Practices (100% - Seba)
  • Module - Testing for Vulnerabilities (100% - Seba)
  • Module - Good WebAppSec Resources (100% - Seba)
  • Perform a review cycle by project members that did not create the module (100% - Seba)

Sub Goal 4: Track try-outs (20%)

In further stages the tracks can be piloted on 'victim' audiences.

  • Feedback forms will be necessary to capture structured feedback (100% - Seba: template created)
  • (parts) of modules will need corrections (0% - volunteers needed)

Sub Goal 5: Track Distribution

To support further evolution of the existing tracks:

  • Teach the teacher sessions can be set up
  • Webinars can be created
  • Figure out a way to accompany module with audio/video support (0% - tbd)

Future Goals

When we get here, we can say that the project reached Beta Status and we should define goals to get it to Release Quality.

  • Define other tracks
      • 2 h awareness track
      • 4h What testers should know on Web Application Security track
      • ...
  • Set up and maintain improvement cycles for existing tracks
  • Further support OWASP and other organisations to (re)use the OWASP Education Modules and Tracks
  • Set up certification mechanisms for trainers and attendees
  • Define a broader curriculum ...