[Owasp-board] Free OWASP Top 10 Training online

Matt Tesauro matt.tesauro at owasp.org
Fri Dec 10 18:57:36 UTC 2010


He seemed quite open to that but, again, since its a service, it falls
outside the "normal" OWASP project.  I know we can't assess it with ACv2
- it has no concept of a service.  Maybe a sub-set of the Hacking-Lab
offerings (those on App Sec) could be OWASP branded or "approved".

But I do see this as a way for OWASP to engage with outside entities
which have overlap with OWASP and could work together to meet mutual goals.

How all that works, I'd hope to get worked out at the Summit.

BTW, Ivan is in Europe (Switzerland to be exact) to travel costs would
be less. ;)

--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site

On 12/10/2010 08:43 AM, Dave Wichers wrote:
> I understand he wants OWASP branding for the event, but would this effort
> become an OWASP project?
> 
> -Dave
> 
> -----Original Message-----
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Matt Tesauro
> Sent: Thursday, December 09, 2010 1:16 PM
> To: OWASP Foundation Board List
> Subject: [Owasp-board] Free OWASP Top 10 Training online
> 
> I sat in on Ivan Butler's talk at AppSec DC and spoke with him afterward.
> In our conversation, I found out he runs Hacking-Lab
> (http://hacking-lab.com/) and he's interested in working with OWASP.
> 
> He has a Live CD with a pre-configured VPN connection to a controlled attack
> network.  This started at a University in Europe and is free.
> 
> For students, they use the Live CD and VPN log in with same creds that work
> on the hacking-lab.com website.  They can post their answers to challenges
> on the website which are queued to instructors.
> 
> For instructors, they have a queue of answers which they can award full, no
> or partial credit for the answer provided.  They also have full details of
> the challenges both the problem and how to solve it.
> 
> In our talk, he noted interest in collaborating with OWASP on some events
> (which is a collection of challenges) - they easily have enough challenges
> to cover the OWASP Top 10 and could likely cover 90 to 100% of the OWASP
> Testing Guide.
> 
> He'd like to brand the event with OWASP logo's etc.  He'd also like help
> reviewing the challenges and proof-reading the English in the
> problems/solutions.  The ones I read were fine but he'd like native English
> speakers to review them.
> 
> This could be a huge win for OWASP.  I'd like to get this guy to the Summit
> in Feb to talk about collaborating with OWASP.
> 
> Thoughts?
> 
> Below is the email I received from Ivan yesterday:
> 
> On 12/08/2010 09:59 AM, Ivan Buetler wrote:
>> Hi Matt,
>>
>> Sorry for not coming back earlier, was/am quite busy at the time. If 
>> interested, we would like to open an OWASP TOP 10 online training in 
>> Hacking-Lab. We are thinking of a training with the following 
>> pre-conditions
>>
>> * OWASP top 10 training (all cases are covered)
>> * Trainer feature for some well-known, trustworthy OWASP members
>> * Access to the solution videos of the OWASP TOP 10 issues
>> * Branding the OWASP Hacking-Lab Event in an OWASP-style
>> * OWASP Certificate for those receiving full points to all lab cases
>>
>> What do you think about such a collaboration? Let me know if this is 
>> interesting for OWASP.
>>
>> Ivan
> 
> --
> -- Matt Tesauro
> OWASP Board Member
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
> 




More information about the Owasp-board mailing list