
Difference between revisions of "Category:OWASP Security Ninjas AppSec Training Program"

(Created page with "=Main= <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</div> {| style="padding: 0;margin:0;margin-top:10px;t...")
 
Line 5: Line 5:
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
<span style="color:#ff0000">
 
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.
 
</span>
 
  
 
==OWASP Security Ninjas==
 
==OWASP Security Ninjas==
An AppSec Training Program. The training program slide deck covers the OWASP Top10 vulnerabilities and some general security best practices. The hands-on training lab consists of 10 fun real world like hacking exercises corresponding to OWASP Top10.
+
Security Ninjas is an open-source Application Security Training Program.  
  
 
==Description==
 
==Description==
 +
 +
The training program slide deck covers the OWASP Top10 vulnerabilities and some general security best practices. The hands-on training lab consists of 10 fun real world like hacking exercises corresponding to each of the OWASP Top10 vulnerabilities.
 
<span style="color:#ff0000">
 
<span style="color:#ff0000">
 
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful.   
 
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful.   
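Review bot: The red template instruction span under ==Description== ("This is where you need to add your more robust project description. ...") is still present on both sides of this hunk, so it renders directly after the new project description. Delete the span together with its text so that only the project's own description remains. In the new description sentence, "real world like" would read better as "real-world-like".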
Line 76: Line 74:
  
 
=FAQs=
 
=FAQs=
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<span style="color:#ff0000">
 
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
 
</span>
 
  
 +
1. What is special about this project?
 +
- This is one of the very few projects which offers systematic, guided hands-on AppSec training to folks with very minimal AppSec or Penetration Testing knowledge.
 +
This would not only teach you how to find and exploit vulnerabilities but also hot to fix them and not have them in the first place! In today's world of advancing web attacks and seeing how complicated web applications are becoming, this training is something that every software engineer should take.
 +
 +
2. How much time does it take to set up the hands on lab?
 +
- If you use the docker build, it takes only a few seconds to setup the lab!
 +
 +
3. Is it hard to setup and destroy the hands-on lab container?
 +
- It is super simple to set up and destroy the container. If use docker, there are no dependency issues as well, no matter what platform you are using!
 +
 +
4. Why did I chose Docker?
 +
- Setting up and destroying the environment would be super easy and quick.
 +
- The docker container would be sandboxed which means that the vulnerable application wouldn’t be able to harm the host OS.
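Review bot: The last FAQ answer says the sandboxed container means the vulnerable application "wouldn't be able to harm the host OS". A Docker container shares the host kernel, so this is stronger than what the isolation guarantees; qualify the claim and say how the lab is expected to be run. Wording fixes in the same hunk: "hot to fix" should be "how to fix", "If use docker" should be "If you use Docker", and "Why did I chose Docker?" should be "Why did I choose Docker?".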
  
  
Line 86: Line 93:
 
==Volunteers==
 
==Volunteers==
  
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
+
* [mailto:shruti.gupta@owasp.org Shruti Gupta] Shruti Gupta
<span style="color:#ff0000">
 
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
 
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.  
 
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
 
</span>
 
  
  
 
The first contributors to the project were:
 
The first contributors to the project were:
  
* [mailto:[email protected] Shruti Gupta] Shrute Gupta] who created the OWASP Cornucopia project that the template was derived from
+
* [mailto:[email protected] Shruti Gupta] Shruti Gupta created the OWASP Security Ninjas project
  
  
 
= Road Map and Getting Involved =
 
= Road Map and Getting Involved =
  
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<span style="color:#ff0000">
 
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
 
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
 
</span>
 
 
==Roadmap==
 
==Roadmap==
The project is 100% complete. I just open sourced it this week and got incredible responses. It was the top post on the security subreddit (www.reddit.com/r/netsec). See screenshot here: https://s3.amazonaws.com/uploads.hipchat.com/56752/780760/3x4fL62dXpumdQd/upload.png. Got lots of responses and downloads. People suggested that I make this an OWASP Project to help organizations and developers save time and money spent on AppSec Training. I think it would be able to benefit the community even more if it were an OWASP project. I could even improve the training further based on the feedback/ requests. The good thing about it is that its fully complete, doesn't and wouldn't need any funding, practically very easy and convenient to run, and scale up to hundreds and thousands of trainees.  
+
The project is 100% complete.  
 +
#https://s3.amazonaws.com/uploads.hipchat.com/56752/780760/3x4fL62dXpumdQd/upload.png.  
  
You can read the full [https://engineering.opendns.com/2015/03/16/security-ninjas-an-open-source-application-security-training-program/ blog] .  
+
#You can read the full [https://engineering.opendns.com/2015/03/16/security-ninjas-an-open-source-application-security-training-program/ blog] .  
  
 
==Getting Involved==
 
==Getting Involved==
 +
 +
If you have suggestions/ comments about how this project could be made better, please email [mailto:[email protected] Shruti Gupta] Shruti Gupta.
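Review bot: In ==Roadmap== the sentence that explained the screenshot was removed, which leaves a numbered item that is only a bare upload.png URL with a trailing period; add a short label saying what the screenshot shows, or drop the item. In the Volunteers, first-contributors and Getting Involved lines the mailto link text is followed by the same name again ("Shruti Gupta] Shruti Gupta"), so the name renders twice; keep one.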
  
  

Revision as of 23:11, 30 April 2015


OWASP Security Ninjas

Security Ninjas is an open-source Application Security Training Program.

Description

The training program slide deck covers the OWASP Top10 vulnerabilities and some general security best practices. The hands-on training lab consists of 10 fun, real-world-like hacking exercises corresponding to each of the OWASP Top10 vulnerabilities.


Licensing

This program is free software: you can redistribute it and/or modify it under the terms of the MIT License.

Project Resources

This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.

Slide Deck

Source Code

Docker repo and instructions


Project Leader

Shruti Gupta

Related Projects

This is where you can link to other OWASP Projects that are similar to yours.


Classifications

Project Type: Code
Incubator Project
Builders, Breakers

News and Events

This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.


1. What is special about this project?
- This is one of the very few projects which offers systematic, guided hands-on AppSec training to folks with very minimal AppSec or Penetration Testing knowledge. This would not only teach you how to find and exploit vulnerabilities but also how to fix them and not have them in the first place! In today's world of advancing web attacks and seeing how complicated web applications are becoming, this training is something that every software engineer should take.

2. How much time does it take to set up the hands-on lab?
- If you use the Docker build, it takes only a few seconds to set up the lab!

3. Is it hard to set up and destroy the hands-on lab container?
- It is super simple to set up and destroy the container. If you use Docker, there are no dependency issues as well, no matter what platform you are using!

4. Why did I choose Docker?
- Setting up and destroying the environment would be super easy and quick.
- The Docker container would be sandboxed, which means that the vulnerable application wouldn’t be able to harm the host OS.


Volunteers


The first contributors to the project were:

  • Shruti Gupta created the OWASP Security Ninjas project


Roadmap

The project is 100% complete.

  1. upload.png
  2. You can read the full blog.

Getting Involved

If you have suggestions or comments about how this project could be made better, please email Shruti Gupta.


I already have the deliverables 100% ready:

The Application Security Training Program consists of a slide deck which is here

and the Source Code can be found here

It is fastest (takes less than 10 seconds to deploy and run) to set up and run the hands-on lab in a Docker container. The Docker repo and instructions are here

