OWASP - User contributions [en]

Category:OWASP Education Project

2007-03-01T22:31:52Z

Xxradar: /* Project Contributors */

== Welcome to the OWASP Education Project==

Web Application Security Education and Awareness is needed throughout the entire organization, each area and level of organizations have specific needs and requirements regarding education. A manager needs other information than a security professional or developer. Novices to the profession require other training than people with several years of experience. 
This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences. 
The first list of modules can be found [[OWASP Education Project Modules|here]].

== A Web Application Security Primer ==

We first start with a small project to create a slide deck of WebAppSec intro topics for newbie's. This can be used to bring OWASP chapter visitors up to speed on the topic. 
Next to the slide deck we will create some sort of teacher manual with narrative text and maybe complement this with a WebEx (or other) recording. 
After the material is created we will organize a ‘teach the teacher’ session to enable others to use this. 
What should be part of this intro? 
TOC proposal:
* Why WebAppSec & History
* OWASP Introduction
* Current Trends
* OWASP Top 10: Introduction & Remedies
* Embed within Complete Approach (People, Processes & Tools)
* Good AppSec Resources (not limited to OWASP)
We already have a large part of the above material; it’s just a matter of restructuring and recompiling some stuff to a Newbie introduction track of about 4 hours. 
Once we get this going, it can provide the base for more advanced tracks. 

== Goals & Roadmap ==

Currently the project goals are to create Educational Tracks:
* ''A Web Application Security Primer'' Track for beginners (4 hours)
* ''What developers should now on Web Application'' Security Track for developers (4 hours)
* Create a [[OWASP Education Presentation Rating|consolidation page of OWASP presentations]] performed in the past with possibilities to rate them and add comments
* ...
Further breakdown of tasks and future developments are listed in the [[OWASP Education Project Roadmap|road map]]. 

== Project Guiding Principles ==

This project aims to provide in building blocks of web application security knowledge that can easily be integrated in awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled together in eduction tracks. 
An important guideline is therefore that the material produced is modular. 

== Resources and links ==

This project is not standalone. There is an awfull lot of information that can be found throughout this site and from other resources on the Internet. 
This project will draw pieces of information from:
* The [http://www.owasp.org/index.php/Category:OWASP_Video Video's]
* The presentations, currently being inventorized in the [[OWASP Education Presentation Rating|consolidation page of OWASP presentations]]¨
* [http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat]
* ...
One of the modules to create will be a Resources module, not limited to OWASP.

== Feedback and Participation: ==

We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the [http://lists.owasp.org/mailman/listinfo/owasp-education mailing list].

== Project Contributors ==

If you contribute to this Project, please add your name here. 
Project Lead:
* [[User:Sdeleersnyder|Sebastien Deleersnyder]]

Contributors:

* Mike de Libero
* [[User:Bunyamin|Bunyamin Demir]]
* [[User:xxradar|Philippe Bogaerts]]
* you? ...

[[Category:OWASP Project]]

Category:OWASP XML Security Gateway Evaluation Criteria Project

2007-03-01T07:18:23Z

Xxradar: /* Project Contributors: */

== Welcome to the XML Security Gateway Evaluation Criteria Project ==

This OWASP Project defines an open standard for evaluating XML Security Gateways. This criteria will provide the OWASP community a set of standard evaluation criteria to assess the functionality and quality of XML Security Gateways. The main driver for this project is to reduce the confusion and complexity in assessing the strengths and weaknesses of solutions in this the XML Security space, and enlightening the community as to the utility of XML Security Gateways to deliver a number of valuable security services.

== Project Guiding Principles: ==

The XML Security Gateway Evaluation Criteria (XSGEC) Project’s Guiding Principles were created in order to express the intentions of its contributors when designing the criteria.

* Create evaluation criteria supporting a transparent, level playing field for XML Security Gateway solutions to define their solution's key value proposition

* Where practical, attempt to standardize nomenclature and metrics

* Educate the community on the design considerations for XML security

== Project Scope: ==

This project will focus on evaluation criteria for XML Security Gateways, that are commonly used in SOAP, Web services, SOA, and Rest applications.

== Feedback and Participation: ==

We hope you find the OWASP XML Security Gateway Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP XML Security Gateway Project mailing list or view the archives, please email Gunnar Peterson
== Project Contributors: ==

If you contribute to this Project, please add your name here
Project Lead:

* Gunnar Peterson. He can be reached at gunnar@arctecgroup.net

Contributors:

* Sebastien Deleersnyder, Ascure
* Muthu Meyyappan, United Healthcare
* Mark O'Neill, Vordel
* Ivan Ristic, Breach Security
* Brian Roddy, Cisco
* Philippe Bogaerts, NetAppSec

== More Information: ==

Security Concepts, Challenges, and Design Considerations for Web Services Integration, By Howard Lipson and Gunnar Peterson
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/assembly/639.html?branch=1&language=1

Web Application Firewall Evaluation Criteria - WASC project with similar approach, focused on the Web App FW space
http://www.webappsec.org/projects/wafec/

[[Category:OWASP Project]]

User:Xxradar

2006-06-01T15:41:26Z

Xxradar:

User:Xxradar

2006-06-01T15:41:08Z

Xxradar:

Hello, I hope this becomes an interesting place to hang out !