[Owasp-leaders] [balint:6755] Re: Teaching resources

Kim Carter kim.carter at owasp.org
Wed Apr 25 19:22:46 UTC 2018


I have a book series (currently about 800 pages of content) augmented 
with hands-on training workshops that aimed to fill this gap and seems 
to be working out well.

A good percentage of the content is mapped to OWASP material.

In terms of what Simon is mentioning around "wider range of generic 
Application Security Skills and knowledge", that's been the book series 
goal from inception, hence the name "Holistic".

These are a couple of many trainings that have been run based on the 
books curriculum

  * OWASP New Zealand Day at Auckland University
    <https://binarymist.io/talk/owaspnzday-2018-workshop-building-security-into-your-development-team/>
  * Christchurch Hacker Con at Canterbury University
    <https://binarymist.io/talk/chcon-workshop-building-security-into-your-development-team/>

Many others here <https://binarymist.io/talk/>, 90% of which are based 
on the book series. Read online here: 
holisticinfosecforwebdevelopers.com 
<https://www.holisticinfosecforwebdevelopers.com>

Let me know if this could be of help...


Kim Carter

OWASP New Zealand Chapter Leader (Christchurch)

Author of *Holistic Info-Sec for Web Developers* 
<http://www.holisticinfosecforwebdevelopers.com>

c: +64 274 622 607











On 25/04/18 23:15, psiinon wrote:
> Very interesting :)
> I dont suppose you have any English resources you can share?
>
> Many thanks,
>
> Simon
>
> On Wed, Apr 25, 2018 at 12:05 PM, Timur 'x' Khrotko [owasp] 
> <timur at owasp.org <mailto:timur at owasp.org>> wrote:
>
>     I've just delivered a full semester of non-technical appsec or
>     rather secdev in a Hungarian university. Approaches, principles,
>     real live cases, ASVS, corporate secdev playbook. May that be
>     interesting.
>
>     On Wed, 25 Apr 2018 at 12:55, Adrian Winckles
>     <adrian.winckles at owasp.org <mailto:adrian.winckles at owasp.org>> wrote:
>
>         Thanks Simon
>
>         One of the projects I'd been working on from the Summit last
>         year and hopefully from teh Summit this year as well (funding
>         pending) was for the MSc Application Security Curriculum
>         project whicgh  needs more work to look at the skills and
>         knowledge students should learnt as part of such
>         qualification, we had an initial attempt at gathering opinions
>         by survey at the last summit but the majority returned surveys
>         were “lost” before they were handed over
>
>         My aim would be to produce a wider survey of OWASP trainers
>         and educational supporters to canvas opinions on a wider range
>         of generic Application Security Skills and knowledge which
>         would be required from a MSc curriculum and determining
>         suitable learning objectives to be able to produce an “open”
>         curriculum for any educational institution or trainer to use.
>
>         A second and larger part of the work is then to map the
>         knowledge, skills & learning objectives to OWASP Project
>         materials to help deliver quality educational experiences to
>         those study Application Security.
>
>         Thanks
>
>         Adrian
>
>         On Wed, Apr 25, 2018 at 11:43 AM, psiinon <psiinon at gmail.com
>         <mailto:psiinon at gmail.com>> wrote:
>
>             Leaders,
>
>             I've just started having a conversation with a college
>             lecturer re the possibility of a consortium of colleges
>             and universities to work with OWASP on creating webappsec
>             teaching resources.
>
>             Is anyone else looking at this or interested in getting
>             involved if it does happen?
>             Leaders of active (and relevant;) projects particularly
>             welcome.
>
>             Obviously we have a wealth of raw material, but thats not
>             the same as a set of resources that lecturers can easily
>             get started with.
>
>             I know theres
>             https://www.owasp.org/index.php/OWASP_Training
>             <https://www.owasp.org/index.php/OWASP_Training> but thats
>             not been updated since 2016 and references several
>             projects that are no longer active.
>
>             I think that a packaged set of teaching resources that
>             anyone can use to help people get started with appsec
>             could be incredibly valuable and really help raise
>             awareness in appsec and OWASP.
>
>             Let me know what you think,
>
>             Simon
>
>             -- 
>             OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>             _______________________________________________
>             OWASP-Leaders mailing list
>             OWASP-Leaders at lists.owasp.org
>             <mailto:OWASP-Leaders at lists.owasp.org>
>             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>             <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>
>
>         This message may contain confidential information - you should
>         handle it accordingly.
>         _______________________________________________
>         OWASP-Leaders mailing list
>         OWASP-Leaders at lists.owasp.org
>         <mailto:OWASP-Leaders at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>         <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>
>     -- 
>     secmachine․net #wepowersecdev
>
>
>
>
> -- 
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180426/3305aa31/attachment-0001.html>


More information about the OWASP-Leaders mailing list