[Owasp-leaders] [Owasp-community] OWASP summer school

Fabio Cerullo fcerullo at owasp.org
Fri Jul 25 11:29:40 UTC 2014


Adil

Thanks for your interest.

We are planning to launch the Winter Code Sprint next September/October
when the next academic term resumes. The intention is for this initiative to
run for 6 months until the end of the period.

I would strongly suggest anyone interested in becoming involved with this
activity to subscribe to the following group:

https://groups.google.com/forum/#!forum/owasp-winter-code-sprint

More info about this initiative here:

https://www.owasp.org/index.php/Winter_Code_Sprint

Here is a handy slide deck that could be useful when approaching
universities/students:

https://www.owasp.org/images/3/3c/WinterCodeSprint.pdf

Regards
Fabio

On Thursday, July 24, 2014, Adil Aliyev <adil.aliyev at owasp.org> wrote:

> Hi,
>
> It will be interesting to participate also for university teachers. What
> dates are you planning to organize and where?
>
> On Thursday, July 24, 2014, Spyros Gasteratos <spyros.gasteratos at owasp.org>
> wrote:
>
>>  Hi Tonimir,
>>
>> I'm glad you are interested in participating. The initiative has
>> potential. :-)
>> If your students have any questions or they want something clarified they
>> can ask in the mailing list[1].
>>
>> Btw the project number might be low for the moment but we can increase it
>> a bit to accommodate more students or have the students work in teams.
>> The submission form and more details will be published soon.
>>
>> Please let me know if you have any questions or if you'd like something
>> done differently.
>>
>> Spyros
>>
>> On 23/07/2014 03:20 PM, Fabio Cerullo wrote:
>>
>> Tonimir,
>>
>>  Thanks for your mail.
>>
>>  Please allow me to introduce you to Spyros who is running the Winter
>> Code Sprint initiative. He might be able to clarify any doubts.
>>
>>  The students are not required to have an idea... we could suggest them
>> ideas as well based on various OWASP participating projects.
>>
>>  The important thing is, they need to be interested to develop some code
>> for an OWASP project.
>>
>>  Regarding your university being an Academic supporter I don't see them
>> listed here:
>>
>>  https://www.owasp.org/index.php/Academic_Supporters
>>
>>  I think based on your university contributions teaching pregrad and
>> grad level students about OWASP, it makes perfect sense to have them listed
>> there.
>>
>>  Please let me know if you want to proceed and I will send you some
>> instructions.
>>
>>  Thanks again,
>>
>> Fabio
>>
>>
>> On Wed, Jul 23, 2014 at 1:36 PM, Tonimir Kišasondi <
>> tonimir.kisasondi at owasp.org> wrote:
>>
>>>  On 22.07.2014. 23:04, Fabio Cerullo wrote:
>>>
>>> Tonimir
>>>
>>>  Great to hear you are working with students on application security.
>>> Would your university and students be interested to become involved in the
>>> OWASP Winter Code Sprint initiative? You could find more info here:
>>>
>>>  https://www.owasp.org/index.php/Winter_Code_Sprint
>>>
>>>
>>>  That's interesting. I will offer it to my students from October to
>>> february, and see if they come up with something which we can reward them
>>> for. Thank you! :)
>>>
>>>
>>>  Also, your University probably qualifies to become an Academic
>>> supporter:
>>>
>>>  https://www.owasp.org/index.php/Academic_Supporter
>>>
>>>  We already are an academic supporter :) We teach owasp stuff at the
>>> pregrad and grad level. :)
>>>
>>>
>>>
>>>  If interested, please let me know.
>>>
>>>  Thanks
>>> Fabio
>>>
>>>
>>> On Tuesday, July 22, 2014, Michael Coates <michael.coates at owasp.org>
>>> wrote:
>>>
>>>> Tonimir,
>>>>
>>>>  This is very exciting! Largely I think the time requirements will be
>>>> determined by the level of knowledge by your students. I've done past
>>>> training sessions where I both explain the security topic and then work
>>>> through exercises within webgoat (via owasp broken web app vm). I covered 3
>>>> core topics and a brief lab exercise in 2 hrs. The students in my course
>>>> were already developers and I covered the material pretty quickly. There
>>>> was enough time for the lab portion, but more time could have been
>>>> allocated.
>>>>
>>>>  It looks like you are planning for 2-3 topics with 4 hrs total. I
>>>> think this could work out ok. The trick is when to step in and provide
>>>> additional guidance on the lab portions.
>>>>
>>>>  Best of luck and let us know how we can help. Also let us know when
>>>> it's publicized and we'll help raise awareness.
>>>>
>>>>
>>>> --
>>>> Michael Coates
>>>> @_mwc
>>>>
>>>>
>>>>
>>>> On Tue, Jul 22, 2014 at 1:28 PM, Tonimir Kišasondi <
>>>> tonimir.kisasondi at owasp.org> wrote:
>>>>
>>>>>  Hello everyone,
>>>>>
>>>>> At the Faculty of organization and informatics in Varaždin, we are
>>>>> trying to organize a webapp sec summer school (intensive course 5 days with
>>>>> 8 hours of lectures and lab exercises). We currently have a draft outline
>>>>> of all areas we would cover in 5 days for our bachelor and masters
>>>>> students. The school is totally free of charge for them to attend. Below is
>>>>> our rough outline of our program. I would like to know a few things from
>>>>> you and get your feedback on the issue :)
>>>>>
>>>>> We are following the OWASP top 10 as a guideline and would be focused
>>>>> on breaking and then mitigation, and we will have a lot of hands on
>>>>> sessions (with the help of owasp broken web apps project), and we will be
>>>>> mostly practically oriented. Hands on sessions mean demoing real vulns,
>>>>> attacks, tools and making students try out those attacks, tools and
>>>>> implementing fixes and mitigations.
>>>>>
>>>>> 1) Is the time allocated for topics relevant to the problem?
>>>>> 2) What would you change, or what would you cover?
>>>>>
>>>>> We mostly would love to hear your ideas and feedback to give the best
>>>>> to our students! Thanks!
>>>>>
>>>>> [22.9.2014] - 8h lectures
>>>>>  Introduction to OWASP and Webappsec summer school
>>>>>  Introduction to modern web architectures
>>>>>  Introduction to front end technologies
>>>>>  Introduction to backend technologies
>>>>>
>>>>>  [23.9.2014] - 4h lectures and 4h hands on
>>>>>  Injection Flaws
>>>>>  Cross-Site Scripting
>>>>>  50% time to hands on sessions
>>>>>
>>>>>  [24.9.2014] - 4h lectures and 4h hands on
>>>>>  Broken Authentication and Session Management
>>>>>  Insecure Direct Object References
>>>>>  Cross-Site Request Forgery (CSRF)
>>>>>  50% time to hands on sessions
>>>>>
>>>>>  [25.9.2014] - 4h lectures and 4h hands on
>>>>>  Security Misconfiguration
>>>>>  Using Components with Known Vulnerabilities
>>>>>  Sensitive Data Exposure
>>>>>  50% time to hands on sessions
>>>>>
>>>>>  [26.9.2014] - 6h lectures and 2h hands on
>>>>>  Missing Function Level Access Control
>>>>>  Using Components with Known Vulnerabilities
>>>>>  Unvalidated Redirects and Forwards
>>>>>  Hands on session (30% time)
>>>>>  OWASP summer school ending and summary
>>>>>
>>>>>
>>>>> Thank you!
>>>>> Sincerely,
>>>>> Tonimir Kisasondi
>>>>>