[Owasp-education] Action required: Table of content for approval

Mike de Libero mikede at mde-dev.com
Mon Oct 22 01:06:59 EDT 2007


Seba,

    I think this is a good start.  However, I have a few thoughts on this.

1) The "What developers should know on Web Application Security" is also 
what any good tester needs to know, imho.  They need to know code 
patterns, how to test and how to mitigate potential threats.  So, the 
tester can make sure the implementations of the devs are solid and/or to 
spot code issues when they are whiteboxing.  It is a great start but I 
don't think it is solely limited to devs especially since you talk about 
testing as a part of the presentation. 

2) Also, what is the audience to web app sec primer?  I know you said it 
is for anyone who wants to know what web app sec is.  If so why should 
it take 4 hours?  Maybe 2 maybe 1 but 4 seems like a long time. 

    Thanks,
    Mike

Sebastien Deleersnyder wrote:
>
> Hi,
>
> I have incorporated received feedback in the 2 tables of contents:
>
> https://www.owasp.org/index.php/Education_Track:_Web_Application_Security_Primer
>
> https://www.owasp.org/index.php/Education_Track:_What_Developers_Should_Know_on_Web_Application_Security
>
> I got feedback to incorporate hands-on and testing for the developer 
> track.
>
> What I did was: I did add a small module on testing with pointers to 
> the testing guide and I suggest to do a demonstration of WebGoat. 
> Doing hands-on by the participants will be difficult within the 4 hour 
> limit. My suggestion would be to do the developer track during a 
> morning session and have a WebGoat walkthrough during the afternoon.
>
> Let me know if you approve or want some other changes?
>
> If I get no response by 27 Oct, I assume you approve :)
>
> Thank you,
>
> Kind regards,
>
> Seba
>


