Difference between revisions of "SpoC 007 - OWASP Education Project"

From OWASP
Jump to: navigation, search
 
(17 intermediate revisions by 2 users not shown)
Line 2: Line 2:
  
  
'''AoC Candidate''':  Sebastien Deleersnyder
+
'''SpoC Candidate''':  Sebastien Deleersnyder
  
 
'''Project coordinator''': Dinis Cruz
 
'''Project coordinator''': Dinis Cruz
  
'''Project Progress''': 30% Complete, [[SpoC 007 - OWASP Education Project - Progress Page|Progress Page]]
+
'''Project Progress''': 100 % Complete, [https://www.owasp.org/index.php/Category:OWASP_Education_Project Progress Page]
  
 
== Sebastien Deleersnyder - OWASP Education Project==
 
== Sebastien Deleersnyder - OWASP Education Project==
Line 30: Line 30:
 
This is the first separate project that I started, originating from a local demand to set up educational tracks for people that are new to Web Application Security. There are literally hundreds of presentations and an enormous amount of information on the OWASP web site. The goal of this project is to restructure pieces of that information in reusable modules that can be combined in educational tracks. It is my believe that awareness is an important cornerstone of building secure web applications, and this project will actively support that.
 
This is the first separate project that I started, originating from a local demand to set up educational tracks for people that are new to Web Application Security. There are literally hundreds of presentations and an enormous amount of information on the OWASP web site. The goal of this project is to restructure pieces of that information in reusable modules that can be combined in educational tracks. It is my believe that awareness is an important cornerstone of building secure web applications, and this project will actively support that.
  
If we are granted Spoc 007 participation, I will be sharing the budget with all active participants. This will be an extra motivation for project participation. I will reinvest my part in the project to set up a web conferencing / web casting solution to be used to disseminate the project results and make them available for later use.
+
= SpoC 007 Goal Tasks and Progress =
 +
The SpoC goal is to finish Sub Goals 1, 2 and 3 and start with Sub Goal 4.
  
=== More Details ===
+
Current Progress is:
 
+
* Sub Goal 1: Create overview of OWASP presentations (100 %)
This page is split in 2 parts. <br>
+
* Sub Goal 2: Design agenda 2 Tracks (100 %)
The first part is the split-up of the current goals in tasks. Here you can add who is working on what module together with the status on progress.<br>
+
* Sub Goal 3: Create Modules (100 %)
The second part lists longer term goals of the Eduction project. Do not hesitate to add goals and discuss them in the mailing list.
+
* Sub Goal 4: Track try-outs (20 % - try-outs to be performed during the coming months)
 
+
More details are available in the project [http://www.owasp.org/index.php/OWASP_Education_Project_Roadmap roadmap].
= Current Goal Tasks =
+
 
+
== Sub Goal 1: Create overview of OWASP presentations ==
+
The following is a list of tasks that have to be performed for the project:
+
* Add the majority of presentation material on [[OWASP Education Presentation|the presentation overview page]] (40% - all)
+
* Provide [[:Category:OWASP_Presentations#OWASP_Education_Presentation_Guidelines| Guidance page]] on OWASP presentations and re-usability and link in other related presentation pages (50% - review needed on guidance)
+
 
+
== Sub Goal 2: Design agenda 2 Tracks ==
+
For the two 4 hour tracks:
+
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)
+
Perform the following:
+
:* Describe track overview (25% - Grady)
+
:* Describe track target audience (25% - Grady)
+
:* Design a TOC with titles, one paragraph per title and timing (0% - Grady)
+
:* Perform a review cycle on the TOC and get external feedback (0% - volunteers needed)
+
:* Finish TOC for approval by the project team (0% - volunteers needed)
+
 
+
* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)
+
Perform the following:
+
:* Describe track overview (100% - seba)
+
:* Describe track target audience (100% - volunteers needed)
+
:* Design a TOC with titles, one paragraph per title and timing (50% - seba)
+
:* Perform a review cycle on the TOC and get external feedback (0% - volunteers needed)
+
:* Finish TOC for approval by the project team (0% - volunteers needed)
+
 
+
== Sub Goal 3: Create Modules ==
+
To support the 2 target tracks and eventually other tracks, modules will have to be created. This means:
+
* Work out some basic rules on module slides (0% - volunteers needed)
+
* From the 2 TOC's identify the necessary modules. There will  probably be overlap with TOC entries (0% - volunteers needed)
+
* For each of the modules define a title, description and prerequisites (0% - volunteers needed)
+
* For each of the modules search for resources that can be used (0% - volunteers needed)
+
* Per module create a first draft from resources and further research (0% - volunteers needed)
+
* Perform a review cycle by project members that did not create the module and get external feedback  (0% - volunteers needed)
+
* Rewrite the module, this time with detailed notes to support the individual slides and taking into account the review comments  (0% - volunteers needed)
+
* Finish the modules with final review for approval by the project team (0% - volunteers needed)
+
 
+
== Sub Goal 4: Track try-outs ==
+
In further stages the tracks can be piloted on 'victim' audiences.
+
* Feedback forms will be necessary to capture structured feedback (0% - volunteers needed)
+
* (parts) of modules will need corrections (0% - volunteers needed)
+
 
+
== Sub Goal 5: Track Distribution ==
+
To support further evolution of the existing tracks:
+
* Teach the teacher sessions can be set up
+
* Webinars can be created
+
* Figure out a way to accompany module with audio/video support (0% - tbd)
+
 
+
= Future Goals =
+
 
+
When we get here, we can say that the project reached Beta Status and we should define goals to get it to Release Quality.
+
* Define other tracks
+
* Set up and maintain improvement tracks for existing tracks
+
* Further support OWASP and other organisations to (re)use the OWASP Education Modules and Tracks
+
* Set up certification mechanisms for trainers and attendees
+
* Define a broader curriculum ...
+
  
 
[[Category:OWASP Education Project]]
 
[[Category:OWASP Education Project]]

Latest revision as of 10:02, 1 November 2007

Back to SpoC 007 Selection page


SpoC Candidate: Sebastien Deleersnyder

Project coordinator: Dinis Cruz

Project Progress: 100 % Complete, Progress Page

Contents

Sebastien Deleersnyder - OWASP Education Project

Executive Summary

This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.

Web Application Security Education and Awareness is needed throughout the entire organization, each area and level of organizations have specific needs and requirements regarding education. A manager needs other information than a security professional or developer. Novices to the profession require other training than people with several years of experience.

Objectives and Deliverables

Currently the project goals are to create Educational Tracks:

  • Complete the consolidation page of OWASP presentations performed in the past
  • A "Web Application Security Primer" Track for beginners (4 hours)
  • A "What developers should know on Web Application Security" Track for developers (4 hours)

Why I should be sponsored for the project

I started the successful Belgian Chapter 3 years ago and have actively contributed to OWASP since then. I also co-organized the European conference last year in Belgium.

This is the first separate project that I started, originating from a local demand to set up educational tracks for people that are new to Web Application Security. There are literally hundreds of presentations and an enormous amount of information on the OWASP web site. The goal of this project is to restructure pieces of that information in reusable modules that can be combined in educational tracks. It is my believe that awareness is an important cornerstone of building secure web applications, and this project will actively support that.

SpoC 007 Goal Tasks and Progress

The SpoC goal is to finish Sub Goals 1, 2 and 3 and start with Sub Goal 4.

Current Progress is:

  • Sub Goal 1: Create overview of OWASP presentations (100 %)
  • Sub Goal 2: Design agenda 2 Tracks (100 %)
  • Sub Goal 3: Create Modules (100 %)
  • Sub Goal 4: Track try-outs (20 % - try-outs to be performed during the coming months)

More details are available in the project roadmap.


Back to SpoC 007 Selection page