
Difference between revisions of "OWASP Education Material Categorized"

 
(One intermediate revision by the same user not shown)
Line 3: Line 3:
 
back to the [[http://www.owasp.org/index.php/Category:OWASP_Education_Project Education Project]]
 
back to the [[http://www.owasp.org/index.php/Category:OWASP_Education_Project Education Project]]
  
==== Profession / Interest ====
+
{{:OWASP Education Material Categorized/Profession & Interest}}
Below you find the education material categorized by profession and interest.
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Management'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Student'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Developer'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Tester'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
<br>
 
  
==== OWASP Top Ten ====
+
{{:OWASP Education Material Categorized/OWASP Top Ten}}
The [[:Category:OWASP_Top_Ten_Project |'''OWASP Top Ten''']] represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. There are currently versions in English, French, Japanese, Korean and Turkish. A Spanish version is in the works. We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[Top_10_2007-A1|A1 - Cross Site Scripting (XSS)]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training video
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[Top_10_2007-A2|A2 - Injection Flaws]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training video
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[Top_10_2007-A3|A3 - Malicious File Execution]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training video
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[Top_10_2007-A4|A4 - Insecure Direct Object Reference]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training video
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[Top_10_2007-A5|A5 - Cross Site Request Forgery (CSRF)]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training video
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[Top_10_2007-A6|A6 - Information Leakage and Improper Error Handling]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training video
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[Top_10_2007-A7|A7 - Broken Authentication and Session Management]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training video
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[Top_10_2007-A8|A8 - Insecure Cryptographic Storage]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training video
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[Top_10_2007-A9|A9 - Insecure Communications]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training video
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[Top_10_2007-A10|A10 - Failure to Restrict URL Access]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Presentation'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training video
 
|}
 
  
<br>
+
{{:OWASP Education Material Categorized/OWASP Tooling}}
  
==== OWASP Tooling ====
+
{{:OWASP Education Material Categorized/OWASP Documentation}}
An [[:Category:OWASP_Project |'''OWASP Project''']] is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
 
PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
 
DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.
 
LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
 
  
<hr><br>''' Protect:'''
+
{{:OWASP Education Material Categorized/CLASP Roles}}
  
{| style="width:100%" border="0" align="center"
+
{{:OWASP Education Material Categorized/SAMM Disciplines & Functions}}
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[:Category:OWASP_AntiSamy_Project|OWASP AntiSamy Java Project]] '''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Video's '''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training video
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF; color:white"|<font color="white">
 
'''[[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API (ESAPI) Project]] '''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
  
<br>''' Detect:'''
 
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
'''[[:Category:OWASP_Live_CD_Project|OWASP Live CD Project]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
'''[[:Category:OWASP_WebScarab_Project|OWASP WebScarab Project]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
 
<br>''' Life Cycle:'''
 
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
'''[[:Category:OWASP_WebGoat_Project|OWASP WebGoat Project]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
<br>
 
==== OWASP Documentation ====
 
An [[:Category:OWASP_Project |'''OWASP Project''']] is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
 
PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
 
DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.
 
LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
 
 
<hr><br> '''Protect: '''
 
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
'''[[:Category:OWASP_Guide_Project|OWASP Development Guide]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
'''[[:Category:OWASP_Ruby_on_Rails_Security_Guide_V2|OWASP Ruby on Rails Security Guide V2]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
 
 
<br>''' Detect:'''
 
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
'''[[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
'''[[:Category:OWASP_Testing_Project|OWASP Testing Guide]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
'''[[:Category:OWASP_Top_Ten_Project|OOWASP Top Ten Project]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
 
<br>''' Life Cycle:'''
 
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
'''[[:Category:OWASP_AppSec_FAQ_Project|OWASP AppSec FAQ Project]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
'''[[:Category:OWASP_Legal_Project|OWASP Legal Project]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">
 
'''[[:Category:OWASP_Source_Code_Review_OWASP_Projects_Project|OWASP Source Code Review for OWASP-Projects]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
<br>
 
 
==== CLASP roles  ====
 
[http://www.owasp.org/index.php/Category:OWASP_CLASP_Project '''CLASP'''] (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development lifecycle, whenever possible.
 
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Architect]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Designer]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Implementer]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Project Manager]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Requirements Specifier]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Security Auditor]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="white">'''[[Test Analyst]]'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Beginner'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Experienced'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Expert'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
 
==== SAMM  Disciplines & Functions ====
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Alignment & Governance'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Education & Guidance'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Standards & Compliance'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Strategic Planning'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Requirements & Design'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Threat Modeling'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Security Requirements'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Defensive Design'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Verification & Assessment'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Architectuur Review'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Code Review'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Security Testing'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="4" align="center" style="background:#FFFFFF color:white"|<font color="003399">'''Deployment & Operations'''
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Vulnerability Mangement'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Infrastrucxture Hardening'''
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|-
 
| style="width:25%; background:#7B8ABD" align="left"| '''Operational Enablement'''
 
* beginner
 
* mediate
 
* expert
 
| colspan="3" style="width:75%; background:#cccccc" align="left"|
 
* training material
 
|}
 
 
__NOTOC__
 
__NOTOC__
 
<headertabs/>
 
<headertabs/>
  
 
[[Category:OWASP Education Project]]
 
[[Category:OWASP Education Project]]
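
Review bot: The inline tables being replaced by the `{{:OWASP Education Material Categorized/...}}` transclusions carry defects that should be fixed in the subpages rather than copied across. The link text reads "OOWASP Top Ten Project". The SAMM row labels read "Architectuur Review", "Vulnerability Mangement" and "Infrastrucxture Hardening". Many header cells use `style="background:#FFFFFF color:white"`, which is missing the semicolon between the two declarations. The "Operational Enablement" row has a stray bullet list (beginner, mediate, expert) inside its label cell, ahead of the content cell. The section headings (`==== OWASP Tooling ====` and the others) are also dropped on the lines where the transclusions are added, so each subpage needs to supply its own heading.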

Latest revision as of 05:16, 11 October 2010

Education Material Categorized

back to the [Education Project]

Profession & Interest

Below you will find the education material categorized by profession and interest.

Management

Beginner
Experienced
Expert

Student

Beginner
Experienced
  • training material
Expert
  • training material

Developer

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

Tester

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Top Ten

The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. There are currently versions in English, French, Japanese, Korean and Turkish. A Spanish version is in the works. We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

A1 - Cross Site Scripting (XSS)

Presentation
  • training material
Videos
  • training video

A2 - Injection Flaws

Presentation
  • training material
Videos
  • training video

A3 - Malicious File Execution

Presentation
  • training material
Videos
  • training video

A4 - Insecure Direct Object Reference

Presentation
  • training material
Videos
  • training video

A5 - Cross Site Request Forgery (CSRF)

Presentation
  • training material
Videos
  • training video

A6 - Information Leakage and Improper Error Handling

Presentation
  • training material
Videos
  • training video

A7 - Broken Authentication and Session Management

Presentation
  • training material
Videos
  • training video

A8 - Insecure Cryptographic Storage

Presentation
  • training material
Videos
  • training video

A9 - Insecure Communications

Presentation
  • training material
Videos
  • training video

A10 - Failure to Restrict URL Access

Presentation
  • training material
Videos
  • training video

OWASP Tooling

An OWASP Project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:

PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.

DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.

LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).



Protect:

OWASP AntiSamy Java Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Videos
  • training video

OWASP Enterprise Security API (ESAPI) Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material


Detect:

OWASP Live CD Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP WebScarab Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material


Life Cycle:

OWASP WebGoat Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Documentation

An OWASP Project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
  • PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
  • DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.
  • LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).



Protect:

OWASP Development Guide

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Ruby on Rails Security Guide V2

Beginner
  • training material
Experienced
  • training material
Expert
  • training material



Detect:

OWASP Code Review Guide

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Testing Guide

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Top Ten Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material


Life Cycle:

OWASP AppSec FAQ Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Legal Project

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

OWASP Source Code Review for OWASP-Projects

Beginner
  • training material
Experienced
  • training material
Expert
  • training material

CLASP Roles

CLASP (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development lifecycle, whenever possible.

Architect
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Designer
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Implementer
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Project Manager
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Requirements Specifier
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Security Auditor
Beginner
  • training material
Experienced
  • training material
Expert
  • training material
Test Analyst
Beginner
  • training material
Experienced
  • training material
Expert
  • training material

SAMM Disciplines & Functions

Alignment & Governance

Education & Guidance
  • training material
Standards & Compliance
  • training material
Strategic Planning
  • training material

Requirements & Design

Threat Modeling
  • training material
Security Requirements
  • training material
Defensive Design
  • training material

Verification & Assessment

Architecture Review
  • training material
Code Review
  • training material
Security Testing
  • training material

Deployment & Operations

Vulnerability Management
  • training material
Infrastructure Hardening
  • training material
Operational Enablement
  • beginner
  • intermediate
  • expert
  • training material