This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Application Security Curriculum"
Hblankenship (talk | contribs) (Created page with "<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</div> {| style="padding: 0;margin:0;margin-top:10px;text-alig...") |
Hblankenship (talk | contribs) (→Project Leader) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div> | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div> | ||
− | + | ==Description== | |
− | |||
− | + | Part of OWASP’s main purpose is to “Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software”. A key part of that mission is to educate not just the current generation of developers or information security professionals, but also the next generation, particularly in the context of the acknowledged skills shortage in the security sector. | |
− | |||
− | |||
− | |||
− | |||
− | |||
+ | A common problem with many security education programmes (whether cyber or InfoSec) or even traditional computer science programmes is that they do not address application security adequately, if at all. In some regions, attempts have been made to address this deficit. | ||
− | + | In the UK for example, ISC2 and the BCS are working on an initiative to embed security firmly within the Computer Science curriculum, with an emphasis on secure coding techniques. OWASP, through my involvement, also champions this initiative. | |
− | |||
− | |||
− | |||
− | + | There is an opportunity for OWASP to pull together its wide-ranging expertise, projects, and dedicated volunteers to engage in these types of education programmes and initiatives by developing an educational strategy for undergraduate and postgraduate students. This could take the form of an open “Standard” curriculum template which can be adopted and adapted by diverse educational partners and organisations. Such a template would also give a useful starting point or reference document for when we engage with other professional bodies. | |
− | == | + | === Aims & Objectives === |
− | + | ||
− | + | * What aspects of Application Security knowledge and skills does industry need? | |
− | + | * What problems relating to application security does the next generation of graduate software developers, computer scientists and security analysts need to solve? | |
+ | * Establish a core set of learning objectives for BSC/MSc level Application Security curricula | ||
+ | * Establish which OWASP Projects are useful to help shape and support curricula in Application Security | ||
+ | * Determine a mechanism by which regional/local deliveries of the curriculum could be supported by the OWASP community (for example, OWASP supporters on validation panels, critical friend on module design, guest lectures and training academics). | ||
+ | |||
+ | ===Project Outputs & Roadmap=== | ||
− | + | * Produce a wider survey of OWASP trainers and educational supporters to canvas opinions on a wider range of generic Application Security Skills and knowledge which would be required from a curriculum and determining suitable learning objectives to be able to produce an “open” curriculum for any educational institution or trainer to use. | |
− | + | * A second and larger part of the work is then to map the knowledge, skills & learning objectives to OWASP Project materials to help deliver quality educational experiences to those study Application Security | |
− | |||
− | |||
==Licensing== | ==Licensing== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==Getting Involved== | ==Getting Involved== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Project Resources == | == Project Resources == | ||
− | |||
− | |||
− | |||
[https://github.com/SamanthaGroves Installation Package] | [https://github.com/SamanthaGroves Installation Package] | ||
Line 83: | Line 47: | ||
[https://github.com/SamanthaGroves Video] | [https://github.com/SamanthaGroves Video] | ||
− | == Project | + | == Project Leaders == |
− | + | ||
− | + | ||
− | + | [mailto://adrian.winckles@owasp.org Adrian Winckles] | |
− | + | [mailto://[email protected] John DiLeo] | |
== Related Projects == | == Related Projects == | ||
− | |||
− | |||
− | |||
− | |||
− | |||
==Classifications== | ==Classifications== | ||
Line 101: | Line 60: | ||
{| width="200" cellpadding="2" | {| width="200" cellpadding="2" | ||
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Document]] |
|- | |- | ||
− | | | + | | rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]] |
− | | | + | | width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]] |
|- | |- | ||
− | | | + | | width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]] |
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | [[Image:Creative%20Commons.png| 90px | link=https://creativecommons.org/licenses/by-sa/3.0/| Creative Commons Attribution ShareAlike 3.0 License]] |
|} | |} | ||
|} | |} | ||
Line 114: | Line 73: | ||
__NOTOC__ <headertabs /> | __NOTOC__ <headertabs /> | ||
− | [[Category:OWASP Project]] [[Category:OWASP_Document]] | + | [[Category:OWASP Project]] |
+ | [[Category:OWASP_Document]] |
Latest revision as of 14:01, 15 April 2019
Description
Part of OWASP’s main purpose is to “Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software”. A key part of that mission is to educate not just the current generation of developers or information security professionals, but also the next generation, particularly in the context of the acknowledged skills shortage in the security sector.
A common problem with many security education programmes (whether cyber or InfoSec) or even traditional computer science programmes is that they do not address application security adequately, if at all. In some regions, attempts have been made to address this deficit.
In the UK for example, ISC2 and the BCS are working on an initiative to embed security firmly within the Computer Science curriculum, with an emphasis on secure coding techniques. OWASP, through my involvement, also champions this initiative.
There is an opportunity for OWASP to pull together its wide-ranging expertise, projects, and dedicated volunteers to engage in these types of education programmes and initiatives by developing an educational strategy for undergraduate and postgraduate students. This could take the form of an open “Standard” curriculum template which can be adopted and adapted by diverse educational partners and organisations. Such a template would also give a useful starting point or reference document for when we engage with other professional bodies.
Aims & Objectives
* What aspects of Application Security knowledge and skills does industry need? * What problems relating to application security does the next generation of graduate software developers, computer scientists and security analysts need to solve? * Establish a core set of learning objectives for BSC/MSc level Application Security curricula * Establish which OWASP Projects are useful to help shape and support curricula in Application Security * Determine a mechanism by which regional/local deliveries of the curriculum could be supported by the OWASP community (for example, OWASP supporters on validation panels, critical friend on module design, guest lectures and training academics).
Project Outputs & Roadmap
- Produce a wider survey of OWASP trainers and educational supporters to canvas opinions on a wider range of generic Application Security Skills and knowledge which would be required from a curriculum and determining suitable learning objectives to be able to produce an “open” curriculum for any educational institution or trainer to use.
- A second and larger part of the work is then to map the knowledge, skills & learning objectives to OWASP Project materials to help deliver quality educational experiences to those study Application Security
Licensing
Getting Involved
Project Resources
Project Leaders
Related Projects
Classifications
|}