Difference between revisions of "Category:OWASP Certification Requirements"
(New page: {| style="width:100%" border="0" align="center" ! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''OWASP Certification Project''' |- | style="w...) |
(→Content Area (Architect)) |
||
Line 171: | Line 171: | ||
| style="width:12%; background:#deeede" align="center"|Economics''' | | style="width:12%; background:#deeede" align="center"|Economics''' | ||
| style="width:11%; background:#deeede" align="center"|20 to 30''' | | style="width:11%; background:#deeede" align="center"|20 to 30''' | ||
− | | style="width:11%; background:#deeede" align="center"| | + | | style="width:11%; background:#deeede" align="center"|James McGovern''' |
| style="width:11%; background:#deeede" align="center"|TBD''' | | style="width:11%; background:#deeede" align="center"|TBD''' | ||
|- | |- |
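Review bot: The added Content Owner cell for the Economics row reads `James McGovern'''`, with a closing `'''` and no opening one, so the bold markup is unbalanced. The unchanged cells around it (`Economics'''`, `20 to 30'''`, `TBD'''`) carry the same stray trailing quotes, so either write the value as `'''James McGovern'''` or drop the trailing `'''` here and in the neighbouring cells in the same edit.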
Revision as of 23:10, 27 July 2008
OWASP Certification Project | |
---|---|
Project Name | OWASP Certification Requirements |
Summary | This document outlines the basic requirements around the exam portion of certification. Separate pages will be created to discuss marketing, dispute resolution, study aids and other aspects. |
Email Contacts | Project Leader James McGovern |
First Exam (BETA) | November 1st 2008 |
Second Exam (BETA) | February 1st 2009 |
Final Exam (BETA) | March 1st 2009 |
Mailing List | To subscribe, To use |
Learning Outcomes
- Be concise. Each question should be one to two sentences
- Describe the behavior as a desired end product
- Focus on observable behaviors only
- Use definite terms (write, define, list, identify, predict, select, etc.)
- Avoid vague terms (learn, see, realize, develop, understand, apply, etc.)
Bad Examples...
- Develop accuracy (undefined trait)
- Know the rules for constructing essay tests (indefinite term)
- Define and calculate the mean and explain its uses (multiple behaviors)
Good Examples...
- Identifies the correct definition of terms
- Mount a USB key drive
- Schedule a cron job
Bloom's Taxonomy of Educational Objectives
- KNOWLEDGE (remembering previously learned material)
  - Knowledge of specifics
    - Knowledge of terms
    - Knowledge of specific facts
  - Knowledge of ways and means of dealing with specifics
    - Knowledge of conventions
    - Knowledge of trends and sequences
    - Knowledge of classifications and categories
    - Knowledge of criteria
    - Knowledge of methodology
  - Knowledge of the universals and abstractions
    - Knowledge of principles and generalizations
- COMPREHENSION (grasping the meaning of the material)
  - Translation (converting one form to another)
  - Interpretation (explaining or summarizing material)
  - Extrapolation (extending meaning beyond the data)
- APPLICATION (using info in concrete situations)
- ANALYSIS (breaking down material into its parts)
  - Analysis of elements (identifying the parts)
  - Analysis of relationships
  - Analysis of organizational principles (identifying the way parts are organized)
- EVALUATION (judging value of a thing using definite criteria)
  - Judgments in terms of internal evidence
  - Judgments in terms of external criteria
Content Area (Developer)
Exam One - Apprentice | | | |
---|---|---|---|
Subject Area | Questions (Target Count) | Content Owner (Primary) | Content Reviewers |
Basic Security Principles | 30 to 40 | James McGovern | TBD |
OWASP Top Ten | 10 to 20 | TBD | TBD |
Penetration Testing | 30 to 40 | TBD | TBD |
Code Review | 20 to 30 | TBD | TBD |
Logging | 10 to 20 | James McGovern | TBD |
Software Design Patterns | 10 to 15 | TBD | TBD |
Network Security | 30 to 40 | James McGovern | TBD |
XML | 20 to 30 | TBD | TBD |
Cryptography | 10 to 15 | TBD | TBD |
Software Testing | 20 to 30 | TBD | TBD |
Threats and Vulnerabilities | 30 to 40 | TBD | TBD |
Language Specific | 20 to 30 | TBD | TBD |
Databases | 10 to 15 | TBD | TBD |
Configuration and Release Management | 30 to 40 | TBD | TBD |
Content Area (Architect)
Exam Two - Journeyman | | | |
---|---|---|---|
Subject Area | Questions (Target Count) | Content Owner (Primary) | Content Reviewers |
SDLC | 30 to 40 | TBD | TBD |
Information Security Policies | 10 to 20 | TBD | TBD |
Software Architecture | 30 to 40 | TBD | TBD |
Economics | 20 to 30 | James McGovern | TBD |
Requirements and Analysis | 10 to 20 | James McGovern | TBD |
Strategy | 10 to 15 | TBD | TBD |
SOA | 30 to 40 | Gunnar Peterson | TBD |
Identity Management | 20 to 30 | TBD | TBD |
Entitlements Management | 10 to 15 | James McGovern | TBD |
Privacy | 20 to 30 | TBD | TBD |
Content Area (Master)
The third exam will be a written essay or presentation on a topic deemed appropriate by the OWASP board. The deciding criteria will be determined by OWASP chapter leaders. Each chapter leader will receive one vote. The OWASP Certification Project Leader also gets one vote and subject area contributors also will receive one vote. If people play both roles, then they are permitted two votes. In order to pass, a candidate must receive more positive votes than negative.
Disclaimers
- The target count for questions is the number of desired questions that are part of the exam question pool at any one time. Over time, questions will be expired and new ones will be added. The pool of questions created by the project team should be double the indicated target count.
- Each subject area will have two reviewers, of which the project manager may agree to be one.
- The indicated target count should not be construed as to the number of questions that will be asked in any given exam. This will be determined based on psychometric analysis and/or other factors including but not limited to:
  - Analysis of statistics provided by initial OWASP Certification Survey
  - Detection of exam cheating (e.g. collusion, fraud, etc.) by test takers
  - Feedback received from beta test takers
  - Adjustments to the exam to target first time test taker failure rate
- The Project Leader and members of the OWASP board will be the only entities that will ever see the entire question set
- No exam test taker, their employers or potential employers should assume that those who pass are suitable for any particular purpose, only that they have demonstrated sufficient knowledge of the subject areas covered by the exam
- In order to prevent fraud, there will be a minimum of 90 days between each exam for those who would like to retake
- OWASP reserves the right to revoke certification of test takers who have been validated as cheats on other IT certifications
- All exam takers will be required to sign and adhere to the code of ethics and to pursue continuing education on subject areas covered
- OWASP reserves the right to publish the names and full contact information of any individual or party who compromises the validity of the certification