[Owasp-board] Free OWASP Top 10 Training online

Matt Tesauro matt.tesauro at owasp.org
Fri Dec 10 18:51:51 UTC 2010


Seba:  I will talk with the Education Committee about working with Ivan
esp if we can get him to the summit.

Dinis:  One thing you don't know about this is that the project was
started with a grant.  I asked how this got created initially and the
university applied and got a grant to setup the initial release of
Hacking-Lab.  Since it has academic (read non-commercial roots), they've
keep it open/free and continue to add functionality.

So, maybe we need to think about grants and SoC again in the future.
Perhaps grant $X to add A, B, C features to WebGoat for example.

--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site

On 12/10/2010 07:13 AM, dinis cruz wrote:
> I think that this is a brilliant idea and resource our community
> 
> On the other hand, it shows what happens when our projects stop
> innovating and evolving. For example WebGoat could had easily be in same
> position, with similar services built on top of it :(
> 
> Dinis Cruz
> 
> On 10 December 2010 07:03, Seba <seba at owasp.org <mailto:seba at owasp.org>>
> wrote:
> 
>     Hi Matt,
> 
>     Great!
> 
>     I suggest we forward this to the education committee and research
>     together what the best way is to push this further?
> 
>     --Seba
> 
> 
>     On Thu, Dec 9, 2010 at 7:15 PM, Matt Tesauro <matt.tesauro at owasp.org
>     <mailto:matt.tesauro at owasp.org>> wrote:
> 
>         I sat in on Ivan Butler's talk at AppSec DC and spoke with him
>         afterward.  In our conversation, I found out he runs Hacking-Lab
>         (http://hacking-lab.com/) and he's interested in working with OWASP.
> 
>         He has a Live CD with a pre-configured VPN connection to a
>         controlled
>         attack network.  This started at a University in Europe and is free.
> 
>         For students, they use the Live CD and VPN log in with same
>         creds that
>         work on the hacking-lab.com <http://hacking-lab.com> website.
>          They can post their answers to
>         challenges on the website which are queued to instructors.
> 
>         For instructors, they have a queue of answers which they can
>         award full,
>         no or partial credit for the answer provided.  They also have full
>         details of the challenges both the problem and how to solve it.
> 
>         In our talk, he noted interest in collaborating with OWASP on some
>         events (which is a collection of challenges) - they easily have
>         enough
>         challenges to cover the OWASP Top 10 and could likely cover 90
>         to 100%
>         of the OWASP Testing Guide.
> 
>         He'd like to brand the event with OWASP logo's etc.  He'd also
>         like help
>         reviewing the challenges and proof-reading the English in the
>         problems/solutions.  The ones I read were fine but he'd like native
>         English speakers to review them.
> 
>         This could be a huge win for OWASP.  I'd like to get this guy to the
>         Summit in Feb to talk about collaborating with OWASP.
> 
>         Thoughts?
> 
>         Below is the email I received from Ivan yesterday:
> 
>         On 12/08/2010 09:59 AM, Ivan Buetler wrote:
>         > Hi Matt,
>         >
>         > Sorry for not coming back earlier, was/am quite busy at the
>         time. If
>         > interested, we would like to open an OWASP TOP 10 online
>         training in
>         > Hacking-Lab. We are thinking of a training with the following
>         > pre-conditions
>         >
>         > * OWASP top 10 training (all cases are covered)
>         > * Trainer feature for some well-known, trustworthy OWASP members
>         > * Access to the solution videos of the OWASP TOP 10 issues
>         > * Branding the OWASP Hacking-Lab Event in an OWASP-style
>         > * OWASP Certificate for those receiving full points to all lab
>         cases
>         >
>         > What do you think about such a collaboration? Let me know if
>         this is
>         > interesting for OWASP.
>         >
>         > Ivan
> 
>         --
>         -- Matt Tesauro
>         OWASP Board Member
>         OWASP WTE Project Lead
>         http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>         http://AppSecLive.org - Community and Download site
>         _______________________________________________
>         Owasp-board mailing list
>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 
> 
>     _______________________________________________
>     Owasp-board mailing list
>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 




More information about the Owasp-board mailing list