This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
Difference between revisions of "Category:OWASP Education Project"
(Major Change)
Line 1: | Line 1: | ||
{{:Project Information:template Education Project}} | {{:Project Information:template Education Project}} | ||
− | [[Category:OWASP Project|Education Project]] | + | [[Category:OWASP Project|Education Project New]] |
[[Category:OWASP Education Modules]] | [[Category:OWASP Education Modules]] | ||
[[Category:OWASP Document]] | [[Category:OWASP Document]] | ||
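Review bot: the only change in this hunk is the category sort key, from `[[Category:OWASP Project|Education Project]]` to `[[Category:OWASP Project|Education Project New]]`. The text after the pipe is not a display name; it only decides where this page is listed on the OWASP Project category page, so after this change the page sorts under "Education Project New" while its title is unchanged. If the intent is to flag the project as new, a dedicated category or a line in the page body is clearer than a sort key; if the re-sort is intentional, the edit summary ("Major Change") should say so.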
Line 11: | Line 11: | ||
This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.<br><br> | This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.<br><br> | ||
The first list of modules can be found [[OWASP Education Project Modules|here]]. | The first list of modules can be found [[OWASP Education Project Modules|here]]. | ||
+ | |||
+ | == Education Material Categorized == | ||
+ | |||
+ | The education materialis categorized in two manors, by the CLASP roles and a more global way of general concern. | ||
+ | ==== Profession / Interest ==== | ||
+ | Below you find the education material categorized by profession and interest. | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Common''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Management''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Student''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Developer''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Tester''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | |||
+ | |||
+ | ==== OWASP Top Ten ==== | ||
+ | The [[:Category:OWASP_Top_Ten_Project |'''OWASP Top Ten''']] represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. There are currently versions in English, French, Japanese, Korean and Turkish. A Spanish version is in the works. We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code. | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[Top_10_2007-A1|A1 - Cross Site Scripting (XSS)]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Presentation''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Video's ''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training video | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[Top_10_2007-A2|A2 - Injection Flaws]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Presentation''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Video's ''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training video | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[Top_10_2007-A3|A3 - Malicious File Execution]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Presentation''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Video's ''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training video | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[Top_10_2007-A4|A4 - Insecure Direct Object Reference]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Presentation''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Video's ''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training video | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[Top_10_2007-A5|A5 - Cross Site Request Forgery (CSRF)]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Presentation''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Video's ''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training video | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[Top_10_2007-A6|A6 - Information Leakage and Improper Error Handling]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Presentation''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Video's ''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training video | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[Top_10_2007-A7|A7 - Broken Authentication and Session Management]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Presentation''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Video's ''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training video | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[Top_10_2007-A8|A8 - Insecure Cryptographic Storage]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Presentation''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Video's ''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training video | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[Top_10_2007-A9|A9 - Insecure Communications]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Presentation''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Video's ''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training video | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[Top_10_2007-A10|A10 - Failure to Restrict URL Access]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Presentation''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Video's ''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training video | ||
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
+ | ==== OWASP Tooling ==== | ||
+ | An [[:Category:OWASP_Project |'''OWASP Project''']] is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories: | ||
+ | PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws. | ||
+ | DETECT - These are tools and documents that can be used to find security-related design and implementation flaws. | ||
+ | LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC). | ||
+ | |||
+ | <hr><br>''' Protect:''' | ||
+ | |||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_AntiSamy_Project|OWASP AntiSamy Java Project]] ''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Video's ''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training video | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API (ESAPI) Project]] ''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | |||
+ | <br>''' Detect:''' | ||
+ | |||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_Live_CD_Project|OWASP Live CD Project]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_WebScarab_Project|OWASP WebScarab Project]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | |||
+ | <br>''' Life Cycle:''' | ||
+ | |||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_WebGoat_Project|OWASP WebGoat Project]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | <br> | ||
+ | ==== OWASP Documentation ==== | ||
+ | An [[:Category:OWASP_Project |'''OWASP Project''']] is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories: | ||
+ | PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws. | ||
+ | DETECT - These are tools and documents that can be used to find security-related design and implementation flaws. | ||
+ | LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC). | ||
+ | |||
+ | <hr><br> '''Protect: ''' | ||
+ | |||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_Guide_Project|OWASP Development Guide]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_Ruby_on_Rails_Security_Guide_V2|OWASP Ruby on Rails Security Guide V2]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | |||
+ | |||
+ | <br>''' Detect:''' | ||
+ | |||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_Testing_Project|OWASP Testing Guide]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_Top_Ten_Project|OOWASP Top Ten Project]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | |||
+ | <br>''' Life Cycle:''' | ||
+ | |||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_AppSec_FAQ_Project|OWASP AppSec FAQ Project]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_Legal_Project|OWASP Legal Project]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white"> | ||
+ | '''[[:Category:OWASP_Source_Code_Review_OWASP_Projects_Project|OWASP Source Code Review for OWASP-Projects]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | <br> | ||
+ | |||
+ | ==== CLASP roles ==== | ||
+ | [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project '''CLASP'''] (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development lifecycle, whenever possible. | ||
+ | |||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Architect]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Designer]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Implementer]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Project Manager]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Requirements Specifier]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Security Auditor]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Test Analyst]]''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Beginner''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Experienced''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Expert''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | |||
+ | ==== SAMM Disciplines & Functions ==== | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Alignment & Governance''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Education & Guidance''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Standards & Compliance''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Strategic Planning''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Requirements & Design''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Threat Modeling''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Security Requirements''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Defensive Design''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Verification & Assessment''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Architectuur Review''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Code Review''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Security Testing''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | {| style="width:100%" border="0" align="center" | ||
+ | ! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Deployment & Operations''' | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Vulnerability Mangement''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Infrastrucxture Hardening''' | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |- | ||
+ | | style="width:25%; background:#7B8ABD" align="left"| '''Operational Enablement''' | ||
+ | * beginner | ||
+ | * mediate | ||
+ | * expert | ||
+ | | colspan="3" style="width:75%; background:#cccccc" align="left"| | ||
+ | * training material | ||
+ | |} | ||
+ | |||
== Goals & Roadmap == | == Goals & Roadmap == | ||
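Review bot: the new header row for `'''[[Test Analyst]]'''` wraps the heading in `<font color="white">` on a cell styled `background:#FFFFFF`, so that heading will render white on white; the other headers added in this hunk use `<font color="003399">` and this one should too. The `style="background:#FFFFFF color:white"` attribute on every header row is also missing the `;` between the two declarations. Three of the new row labels carry typos: `'''Architectuur Review'''`, `'''Vulnerability Mangement'''` and `'''Infrastrucxture Hardening'''`. Finally, the `'''Operational Enablement'''` label cell contains a stray `* beginner`, `* mediate`, `* expert` list that none of the other rows have; it reads like an editing leftover and should be dropped or moved into the material cell.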
Line 22: | Line 648: | ||
* ... | * ... | ||
Further breakdown of tasks and future developments are listed in the [[OWASP Education Project Roadmap|road map]].<br> | Further breakdown of tasks and future developments are listed in the [[OWASP Education Project Roadmap|road map]].<br> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
== Spoc007 Progress == | == Spoc007 Progress == | ||
Line 43: | Line 664: | ||
This project will draw pieces of information from: | This project will draw pieces of information from: | ||
* The [http://www.owasp.org/index.php/Category:OWASP_Video Video's] | * The [http://www.owasp.org/index.php/Category:OWASP_Video Video's] | ||
− | * The presentations, currently being inventorized in the [[ | + | * The presentations, currently being inventorized in the [[OWASP Education Presentation Rating|consolidation page of OWASP presentations]]¨ |
* [http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat] | * [http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat] | ||
* ... | * ... | ||
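Review bot: the reworded presentations bullet ends in a stray `¨` character after the closing `]]` of the link, which will show up as a diaeresis in the rendered text; drop it. In the same line, `inventorized` should read `inventoried`.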
Line 69: | Line 690: | ||
* [[User:Mccorga| Grady McCorkle]] | * [[User:Mccorga| Grady McCorkle]] | ||
* you? ... | * you? ... | ||
+ | |||
+ | __NOTOC__ | ||
+ | <headertabs/> | ||
+ | |||
+ | {{PutInCategory}} |
Revision as of 23:28, 21 July 2010
PROJECT IDENTIFICATION

| | |
|---|---|
| Project Name | OWASP Education Project |
| Short Project Description | The project will continuously deliver education material about OWASP tooling and documentation. This aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen-scrape video courses and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously. With the setup of an OWASP Boot camp, the OWASP word can be spread in a controlled manner and deliver high-quality training, both inside and outside of the OWASP community. The OWASP Education Project will set up and standardize OWASP training manuals and materials to ensure a certain level of quality of the trainings. Trainings about the OWASP tooling and projects will have to be reviewed by the Projects. |
| Key Project Information | Project Leader: Martin Knobloch |
| | Project Contributors: See here |
| | Mailing List: Subscribe here / Use here |
| | License: Creative Commons Attribution Share Alike 3.0 |
| | Project Type: Documentation |
| | Sponsors: OWASP SoC 08 |
Welcome to the OWASP Education Project
Web application security education and awareness are needed throughout the entire organization; each area and level of an organization has specific needs and requirements regarding education. A manager needs different information than a security professional or developer, and novices to the profession require different training than people with several years of experience.
This Education project aims to provide building blocks of web application security information. These modules can be combined into education tracks targeting different audiences.
The first list of modules can be found here.
Education Material Categorized
The education material is categorized in two manners: by the CLASP roles, and in a more global way by general area of concern.
Profession / Interest
Below you find the education material categorized by profession and interest.
| Common | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |

| Management | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |

| Student | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |

| Developer | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |

| Tester | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |
OWASP Top Ten
The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. There are currently versions in English, French, Japanese, Korean and Turkish. A Spanish version is in the works. We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.
| | Training material |
|---|---|
| Presentation | |
| Videos | |
OWASP Tooling
An OWASP Project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
- PROTECT - tools and documents that can be used to guard against security-related design and implementation flaws.
- DETECT - tools and documents that can be used to find security-related design and implementation flaws.
- LIFE CYCLE - tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
Protect:

| Level | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |
| Videos | |
| Level | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |
Detect:

| Level | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |
Life Cycle:

| Level | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |
OWASP Documentation
An OWASP Project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
- PROTECT - tools and documents that can be used to guard against security-related design and implementation flaws.
- DETECT - tools and documents that can be used to find security-related design and implementation flaws.
- LIFE CYCLE - tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
Protect:

| Level | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |
Detect:

| Level | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |
Life Cycle:

| Level | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |
CLASP roles
CLASP (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development lifecycle, whenever possible.
| Architect | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |

| Designer | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |

| Implementer | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |

| Project Manager | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |

| Requirements Specifier | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |

| Security Auditor | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |

| Test Analyst | Training material |
|---|---|
| Beginner | |
| Experienced | |
| Expert | |
SAMM Disciplines & Functions
| Alignment & Governance | Training material |
|---|---|
| Education & Guidance | |
| Standards & Compliance | |
| Strategic Planning | |

| Requirements & Design | Training material |
|---|---|
| Threat Modeling | |
| Security Requirements | |
| Defensive Design | |

| Verification & Assessment | Training material |
|---|---|
| Architecture Review | |
| Code Review | |
| Security Testing | |

| Deployment & Operations | Training material |
|---|---|
| Vulnerability Management | |
| Infrastructure Hardening | |
| Operational Enablement | |
Goals & Roadmap
Currently the project goals are to create Educational Tracks:
- A Web Application Security Primer Track for beginners (4 hours)
- What Developers Should Know on Web Application Security Track for developers (4 hours)
- Create a consolidation page of OWASP presentations performed in the past with the possibility to add comments
- OWASP Boot Camp: OWASP training events, get ready for secure application development
- Capture the flag application
- ...
Further breakdown of tasks and future developments are listed in the road map.
Spoc007 Progress
The Education project was selected for Spoc007 participation (see page for progress).
The SpoC007 goal is to finish Sub Goals 1, 2, 3 and perform Sub Goal 4 during the coming months (road map).
Project Guiding Principles
This project aims to provide building blocks of web application security knowledge that can easily be integrated into awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled together into education tracks.
An important guideline is therefore that the material produced is modular.
Resources and links
This project is not standalone. There is an awful lot of information that can be found throughout this site and from other resources on the Internet.
This project will draw pieces of information from:
- The Videos
- The presentations, currently being inventoried in the consolidation page of OWASP presentations
- WebGoat
- ...
One of the modules to create will be a Resources module, not limited to OWASP.
Feedback and Participation:
We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the mailing list.
If you used material from our project, please use the available evaluation forms and let us know how we can improve our modules and tracks.
Project Contributors
If you contribute to this Project, please add your name here.
Project Lead:
Contributors:
How to add a new OWASP Education Project article
You can follow the instructions to make a new OWASP Education Project article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the OWASP Education Project category:
[[Category:OWASP Education Project]]