[Owasp-education] Action required: Table of content for approval
seba at deleersnyder.eu
Mon Oct 22 03:21:39 EDT 2007
We could derive a "What testers should know on Web Application Security".
For this track more focus and time would be put on the testing aspects.
Once the "What developers should know on Web Application Security" track is
finalized we can create a tester track as well and hook into the testing
I agree that 4 h seems a lot for this track, but it is a challenge to cover
the material in enough detail for the proposed TOC.
Once the 4h track is created, it is easier to summarize stuff and bring it
down in number of slides and material and create an Introduction Track of 1h
I also expect to have feedback from first try-outs: any volunteers on the
list to do this with a pilot group?
From: Mike de Libero [mailto:mikede at mde-dev.com]
Sent: maandag 22 oktober 2007 7:07
To: Sebastien Deleersnyder
Cc: owasp-education at lists.owasp.org
Subject: Re: [Owasp-education] Action required: Table of content for
I think this is a good start. However, I have a few thoughts on this.
1) The "What developers should know on Web Application Security" is also
what any good tester needs to know, imho. They need to know code
patterns, how to test and how to mitigate potential threats. So, the
tester can make sure the implementations of the devs are solid and/or to
spot code issues when they are whiteboxing. It is a great start but I
don't think it is solely limited to devs especially since you talk about
testing as a part of the presentation.
2) Also, what is the audience for the web app sec primer? I know you said it
is for anyone who wants to know what web app sec is. If so why should
it take 4 hours? Maybe 2 maybe 1 but 4 seems like a long time.
Sebastien Deleersnyder wrote:
> I have incorporated received feedback in the 2 tables of contents:
> I got feedback to incorporate hands-on and testing for the developer
> What I did was: I did add a small module on testing with pointers to
> the testing guide and I suggest to do a demonstration of WebGoat.
> Doing hands-on by the participants will be difficult within the 4 hour
> limit. My suggestion would be to do the developer track during a
> morning session and have a WebGoat walkthrough during the afternoon.
> Let me know if you approve or want some other changes?
> If I get no response by 27 Oct, I assume you approve :)
> Thank you,
> Kind regards,