Education Material Categorized
Profession / Interest
Below you find the education material categorized by profession and interest.
| Management | Beginner | Experienced | Expert |
| Student | Beginner | Experienced | Expert |
| Developer | Beginner | Experienced | Expert |
| Tester | Beginner | Experienced | Expert |
OWASP Top Ten
The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. There are currently versions in English, French, Japanese, Korean and Turkish. A Spanish version is in the works. We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.
OWASP Tooling
An OWASP Project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.
LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
Protect:
Detect:
Life Cycle:
OWASP Documentation
Protect:
Detect:
Life Cycle:
CLASP roles
CLASP (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development lifecycle, whenever possible.
SAMM Disciplines & Functions
| Alignment & Governance | Education & Guidance | Standards & Compliance | Strategic Planning |
| Requirements & Design | Threat Modeling | Security Requirements | Defensive Design |
| Verification & Assessment | Architecture Review | Code Review | Security Testing |
| Deployment & Operations | Vulnerability Management | Infrastructure Hardening | Operational Enablement |