[Owasp-board] Free OWASP Top 10 Training online

Matt Tesauro matt.tesauro at owasp.org
Fri Dec 10 18:47:58 UTC 2010


>From my conversations with him, I get the distinct impression he is
willing to work with OWASP to make sure the arrangement works for both
parties.

He's already got the infrastructure and content so if he wanted to go
rogue, it could already do that.

The real question is how do the core values, mission, openness apply to
a service offering.

>From my talk with him at AppSec DC and in emails since, he wants to work
out something that works for OWASP.  He seems quite dedicated to getting
people educated on testing techniques - especially considering his
academic background.

Considering the maturity level of Hacking-Lab, I was very surprised that
he wasn't looking for payment.

Like my reply to Jeff, I want to get him to the summit so we can work
out these details and get OWASP an awesome training environment to
increase our exposure and further our mission.

--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site

On 12/10/2010 08:44 AM, Eoin wrote:
> So he wants the OWASP brand........
> Shall he adhere to our core values, mission, is this going to be an
> OWASP project or simply the use of the established OWASP brand?
>  
> 
> 
>  
> On 10 December 2010 13:13, dinis cruz <dinis.cruz at owasp.org
> <mailto:dinis.cruz at owasp.org>> wrote:
> 
>     I think that this is a brilliant idea and resource our community
> 
>     On the other hand, it shows what happens when our projects stop
>     innovating and evolving. For example WebGoat could had easily be in
>     same position, with similar services built on top of it :(
> 
>     Dinis Cruz
> 
>     On 10 December 2010 07:03, Seba <seba at owasp.org
>     <mailto:seba at owasp.org>> wrote:
> 
>         Hi Matt,
> 
>         Great!
> 
>         I suggest we forward this to the education committee and
>         research together what the best way is to push this further?
> 
>         --Seba
> 
> 
>         On Thu, Dec 9, 2010 at 7:15 PM, Matt Tesauro
>         <matt.tesauro at owasp.org <mailto:matt.tesauro at owasp.org>> wrote:
> 
>             I sat in on Ivan Butler's talk at AppSec DC and spoke with him
>             afterward.  In our conversation, I found out he runs Hacking-Lab
>             (http://hacking-lab.com/) and he's interested in working
>             with OWASP.
> 
>             He has a Live CD with a pre-configured VPN connection to a
>             controlled
>             attack network.  This started at a University in Europe and
>             is free.
> 
>             For students, they use the Live CD and VPN log in with same
>             creds that
>             work on the hacking-lab.com <http://hacking-lab.com/>
>             website.  They can post their answers to
>             challenges on the website which are queued to instructors.
> 
>             For instructors, they have a queue of answers which they can
>             award full,
>             no or partial credit for the answer provided.  They also
>             have full
>             details of the challenges both the problem and how to solve it.
> 
>             In our talk, he noted interest in collaborating with OWASP
>             on some
>             events (which is a collection of challenges) - they easily
>             have enough
>             challenges to cover the OWASP Top 10 and could likely cover
>             90 to 100%
>             of the OWASP Testing Guide.
> 
>             He'd like to brand the event with OWASP logo's etc.  He'd
>             also like help
>             reviewing the challenges and proof-reading the English in the
>             problems/solutions.  The ones I read were fine but he'd like
>             native
>             English speakers to review them.
> 
>             This could be a huge win for OWASP.  I'd like to get this
>             guy to the
>             Summit in Feb to talk about collaborating with OWASP.
> 
>             Thoughts?
> 
>             Below is the email I received from Ivan yesterday:
> 
>             On 12/08/2010 09:59 AM, Ivan Buetler wrote:
>             > Hi Matt,
>             >
>             > Sorry for not coming back earlier, was/am quite busy at
>             the time. If
>             > interested, we would like to open an OWASP TOP 10 online
>             training in
>             > Hacking-Lab. We are thinking of a training with the following
>             > pre-conditions
>             >
>             > * OWASP top 10 training (all cases are covered)
>             > * Trainer feature for some well-known, trustworthy OWASP
>             members
>             > * Access to the solution videos of the OWASP TOP 10 issues
>             > * Branding the OWASP Hacking-Lab Event in an OWASP-style
>             > * OWASP Certificate for those receiving full points to all
>             lab cases
>             >
>             > What do you think about such a collaboration? Let me know
>             if this is
>             > interesting for OWASP.
>             >
>             > Ivan
> 
>             --
>             -- Matt Tesauro
>             OWASP Board Member
>             OWASP WTE Project Lead
>             http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>             http://AppSecLive.org <http://appseclive.org/> - Community
>             and Download site
>             _______________________________________________
>             Owasp-board mailing list
>             Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>             https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 
> 
>         _______________________________________________
>         Owasp-board mailing list
>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 
> 
>     _______________________________________________
>     Owasp-board mailing list
>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 
> 
> 
> -- 
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
> 
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary
> 
> 
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-- 
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site



More information about the Owasp-board mailing list