[Owasp-leaders] Follow-up >> FW: OWASP Academies.

Konstantinos Papapanagiotou conpap at di.uoa.gr
Wed Dec 1 03:05:16 EST 2010


The ISACA model is a good point of reference.

I think that we should work on mainly two categories of curricula:
some universities prefer to have just one lecture on appsec which will
be part of a programming module, (or a software engineering or an
infosec module). Some others, especially those that have degrees that
focus on infosec or software engineering, may want to have a
specialized module for appsec with 10-12 lectures in one semester.
Usually a masters degree is more flexible and open to new ideas and
modules, so it's easier to introduce a new course. However I think that
our main focus should be undergrads.

In this context IMHO we need to produce a curriculum for a 3 or 6-hour
intensive course and also for an entire module. Sometime I'd love to
see an MSc on AppSec but this is a different discussion :)

Regarding the curriculum itself, most universities prefer their
modules to be technology and programming language independent. For
example they'd rather have a generic "Secure Coding" course rather
than a .NET specific course. A generic module might give examples in a
specific language at some point during the lectures, preferably using
the language that the students have been taught in their early years
at the university, just to give some practical examples. I think that
the OWASP Secure Coding Practices - Quick Reference Guide is ideal for
this subject (btw excellent work!!).

This brings me to the next issue: some universities suggest books and
bibliography for the students (in Greece we even provide them for free
to the undergrads). Fortunately, we have extensive and excellent
documentation projects. However, we need to work on translations
because some universities want to provide books and documentation in
their local language.

Anyway... this is a big discussion maybe we should move it to the
academies list :)

Kostas


On Wed, Dec 1, 2010 at 8:58 AM, Anthony Cheuk Tung, LAI, CSSLP, CISSP
<anthonylai at owasp.org> wrote:
> For example:
> Core Course:-
> 101 Web Application Security Fundamentals (I)
> 102 Web Application Security Fundamentals (II)
> Required Course:-
> 201 Secure Coding - .NET
> 202 Secure Coding - JAVA
> Electives:-
> 205 Code Audit (I)
> 305 Code Audit (II)
> 206 Web Application Penetration Test (I)
> 306 Web Application Penetration Test (II)
>
>
> On Wed, Dec 1, 2010 at 12:12 PM, Nam Nguyen <namn at bluemoon.com.vn> wrote:
>>
>> Dear leaders
>>
>> I really like the ISACA curriculum model. Perhaps OWASP, as one of the
>> app-sec authorities, could produce a similar model for undergraduate or
>> master's degree?
>>
>> Cheers
>> Nam
>>
>> On Tue, 30 Nov 2010 15:21:26 -0800 (PST)
>> "Eng. Talal Al-Basha" <talal_basha1982 at yahoo.com> wrote:
>>
>> > Dear Sandra,
>> > I have a suggestion regarding universities: we should prepare scoped projects and
>> > ideas which could be done as students' graduation projects. In this case,
>> > students will have the chance to work on real projects and we can develop our
>> > projects.
>> >
>> > regards,
>> > Talal AlBasha
>> > OWASP Syria chapter leader
>> >
>> >
>> > ________________________________
>> > From: Sandra Paiva <sandra.paiva at owasp.org>
>> > To: owasp-leaders at lists.owasp.org
>> > Cc: global_education_committee at lists.owasp.org
>> > Sent: Mon, November 29, 2010 9:20:14 PM
>> > Subject: [Owasp-leaders] Follow-up >> FW: OWASP Academies.
>> >
>> >
>> > All,
>> >
>> > Following the email below, I am writing you just to say that if you didn't have
>> > the opportunity or the time to participate in this discussion, you can still do
>> > it. We have received a lot of feedback and interest and are organizing a meeting
>> > for January where we hope some work can be done to be presented and discussed in
>> > the February Summit.
>> >
>> > If you feel that you would like to engage and give your contribution, please feel
>> > free to contact me!
>> >
>> > Many thanks, best regards,
>> > Sandra
>> >
>> >
>> > Sandra Paiva
>> > OWASP Training Manager
>> >
>> > From: Sandra Paiva [mailto:sandra.paiva at owasp.org]
>> > Sent: Thursday, 21 October 2010 15:18
>> > To: 'owasp-leaders at lists.owasp.org'
>> > Cc: 'global_education_committee at lists.owasp.org'; 'Paulo Coimbra'; Dave Wichers;
>> > Dinis Cruz (dinis.cruz at owasp.org); Eoin Keary; Jeff Williams; Matt Tesauro;
>> > Sebastien Deleersnyder; Tom Brennan
>> > Subject: OWASP Academies.
>> >
>> > Dear all,
>> >
>> > I have been asked by the OWASP Board to start off the process of designing and
>> > building a new concept that will be closely linked to the training activities
>> > promoted by OWASP and that intends to take this area one step further.
>> >
>> > The idea is to create what we will call OWASP Academies –
>> > http://www.owasp.org/index.php/OWASP_Academies.
>> >
>> >
>> > The OWASP Academies will be a frame under which work should be done with
>> > Universities, Polytechnic Institutes, IT Schools and other Academic institutions
>> > with a view to establish solid relationships and develop with these organisms
>> > ways to collaborate and participate in the design of courses focused on web
>> > application security.
>> >
>> > OWASP has the knowledge and critical mass to give an invaluable input to any
>> > Academy focusing on this area – both by contributing with its expertise in the
>> > definition of curricula and course contents that explore and study the web
>> > security field and by making available to the Academy its pool of interested and
>> > willing security experts as trainers.
>> >
>> >
>> > As mentioned above, this concept is just at its beginning and we do not have, as
>> > of yet, a clear methodology or set of rules to implement what hopefully will be
>> > a new area of work for OWASP. What is clear, however, is that to make this
>> > happen we will need your input and ideas, your energy and your initiative.
>> > Moreover, as we are planning to include this discussion in one of the Working
>> > Sessions to be held in the upcoming OWASP Summit 2011, this would be the perfect
>> > timing to gather your input and contributions.
>> >
>> > Being so, if you have contacts within your local academic communities and would
>> > like to be involved in the design and development of this concept, please do
>> > get back to me with your thoughts!
>> >
>> > I am looking forward to hearing from you!
>> >
>> > Regards,
>> > Sandra
>> >
>> >
>> > Sandra Paiva
>> > OWASP Training Manager
>> >
>> >
>> >
>>
>>
>> --
>> Nam Nguyen, CISA, CISSP, CSSLP
>> Blue Moon Consulting Co., Ltd
>> http://www.bluemoon.com.vn
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> --
> Regards,
> Anthony LAI
> Founder & Security Researcher
> Valkyrie-X Security Research Group
> "Offensive . Creative . Fun"
>
>      __  _
>       .-.'  `; `-._  __  _
>      (_,         .-:'  `; `-._
>    ,'o"(        (_,           )
>   (__,-'      ,'o"(            )>
>      (       (__,-'            )
>       `-'._.--._(             )
>          |||  |||`-'._.--._.-'
>                     |||  |||
>
>
>

