The OWASP Education Working Session on November 5, 2008, focused on enhancing knowledge transfer from OWASP projects to the broader community. Key goals included increasing OWASP awareness among C-level executives, creating non-technical materials, and developing role-based training tailored to Managers, Analysts, Architects, Developers, and Security Auditors. The session proposed innovative strategies such as how-to guides, engaging videos, and coordinated guest lectures to effectively educate both doers and educators within the cybersecurity field. Building a comprehensive set of resources was emphasized for impactful learning.
OWASP Education Working Session Notes - Ideas Nov 05, 2008
Guidelines
• Structure existing materials (mostly technical)
• Create non-existent materials (mostly non-technical)
Goal – Knowledge transfer from OWASP projects towards the community
• Ideas
• PR project in sync with education
• Increase awareness of OWASP among C-level executives
• Guide to the Guides (Executive Summary)
• Textbooks – focus on the learner not the trainer
• How-To’s / OWASP for dummies / digital editions
• Participate in development, CSO conferences
• Flash demonstrations of the Top 10 / YouTube
• Synergy with LiveCD
• Training by target audience and by role
• Videos for WebGoat exploits in action: http://yehg.net/lab/pr0js/training/webgoat.php
Role-based training
• Material (Y-axis) & Role (X-axis) exercise
• 3 Roles – Managers + Analysts, Architects + Developers, Security Auditors + QA (testers)
• Student Roles
• Should be Novice level
• Six-month or year-long process
• Should they be evaluated at the end?
• Canned guest lectures
Where to focus? (ideas)
• Focus on the do-ers, focus on students secondarily
• Educate the educators (force-multiplier)
• Vote: Generally agreed to focus on educating the doers with regard to three roles
• Boot camp
• Some difficulty with the various quality levels between existing materials
• Problems with revisioning and sharing (Google Docs solution maybe)
• Should be broad scope of topics (covered lightly) with deeper references to more OWASP materials/resources
• Ask projects to provide boot camp materials for their projects and target audience
• Pick an OWASP conference and reserve a slot for the OWASP Boot Camp (Washington DC in 2009 as suggested by Rex Booth)
Structure of training materials
• Powerpoints with slide notes (there’s an Education Project guideline about this)
• There must be slide notes
• Can do recordings of presentation and transcribe the notes for completeness
• Updated “intro to OWASP” deck
• Something small that introduces people to OWASP, resources, projects, etc.
• Coordinated way to contact speakers
• Linked to OWASP on the Move
Winter of Code possibility
• Map content to target audience and roles
Ideas to consider for implementation
• Allow people to train themselves
• Live CD Integration
• Assists Universities/Academia and High School
• Corporate (non-tech professionals)
• Complement internal training programs