[Owasp-education] Action required: Table of content for approval

Sebastien Deleersnyder seba at deleersnyder.eu
Mon Oct 22 03:21:39 EDT 2007


Hi Mike,

We could derive a "What testers should know on Web Application Security".
For this track more focus and time would be put on the testing aspects.
Once the "What developers should know on Web Application Security" track is
finalized we can create a tester track as well and hook into the testing
guide.

I agree that 4 h seems a lot for this track, but it is a challenge to cover
the material in enough detail for the proposed TOC.
Once the 4h track is created, it is easier to summarize stuff and bring it
down in number of slides and material and create an Introduction Track of 1h
or 2h.

I also expect to have feedback from first try-outs: any volunteers on the
list to do this with a pilot group?

Regards

Seba

-----Original Message-----
From: Mike de Libero [mailto:mikede at mde-dev.com] 
Sent: Monday 22 October 2007 7:07
To: Sebastien Deleersnyder
Cc: owasp-education at lists.owasp.org
Subject: Re: [Owasp-education] Action required: Table of content for
approval

Seba,

    I think this is a good start.  However, I have a few thoughts on this.

1) The "What developers should know on Web Application Security" is also 
what any good tester needs to know, imho.  They need to know code 
patterns, how to test and how to mitigate potential threats.  So, the 
tester can make sure the implementations of the devs are solid and/or to 
spot code issues when they are whiteboxing.  It is a great start but I 
don't think it is solely limited to devs especially since you talk about 
testing as a part of the presentation. 

2) Also, what is the audience for the web app sec primer?  I know you said it 
is for anyone who wants to know what web app sec is.  If so why should 
it take 4 hours?  Maybe 2 maybe 1 but 4 seems like a long time. 

    Thanks,
    Mike

Sebastien Deleersnyder wrote:
>
> Hi,
>
>  
>
> I have incorporated received feedback in the 2 tables of contents:
>
>
> https://www.owasp.org/index.php/Education_Track:_Web_Application_Security_Primer
>
>
> https://www.owasp.org/index.php/Education_Track:_What_Developers_Should_Know_on_Web_Application_Security
>
>  
>
> I got feedback to incorporate hands-on and testing for the developer 
> track.
>
> What I did was: I did add a small module on testing with pointers to 
> the testing guide and I suggest to do a demonstration of WebGoat. 
> Doing hands-on by the participants will be difficult within the 4 hour 
> limit. My suggestion would be to do the developer track during a 
> morning session and have a WebGoat walkthrough during the afternoon.
>
>  
>
> Let me know if you approve or want some other changes?
>
> If I get no response by 27 Oct, I assume you approve :)
>
>  
>
> Thank you,
>
>  
>
> Kind regards,
>
>  
>
> Seba
>



