[Owasp-leaders] [balint:6755] Re: Teaching resources

August Detlefsen august.detlefsen at owasp.org
Wed Apr 25 19:54:55 UTC 2018


This is sorely needed. I always ask my developer-students if they received
any security training in college: Only about half actually have CS degrees
and about 20% of those had security as part of their curriculum.

It would probably be useful to survey CS professors to see what is being
taught and how security could be integrated into those courses. For
example: Do they want a full semester class? Do they want single one hour
lectures? Or do they want 5 minute 'hooks' that can slot into existing
lectures?

On Wed, Apr 25, 2018 at 4:15 AM, psiinon <psiinon at gmail.com> wrote:

> Very interesting :)
> I dont suppose you have any English resources you can share?
>
> Many thanks,
>
> Simon
>
> On Wed, Apr 25, 2018 at 12:05 PM, Timur 'x' Khrotko [owasp] <
> timur at owasp.org> wrote:
>
>> I've just delivered a full semester of non-technical appsec or rather
>> secdev in a Hungarian university. Approaches, principles, real live cases,
>> ASVS, corporate secdev playbook. May that be interesting.
>>
>> On Wed, 25 Apr 2018 at 12:55, Adrian Winckles <adrian.winckles at owasp.org>
>> wrote:
>>
>>> Thanks Simon
>>>
>>> One of the projects I'd been working on from the Summit last year and
>>> hopefully from teh Summit this year as well (funding pending) was for the
>>> MSc Application Security Curriculum project whicgh  needs more work to look
>>> at the skills and knowledge students should learnt as part of such
>>> qualification, we had an initial attempt at gathering opinions by survey at
>>> the last summit but the majority returned surveys were “lost” before they
>>> were handed over
>>>
>>> My aim would be to produce a wider survey of OWASP trainers and
>>> educational supporters to canvas opinions on a wider range of generic
>>> Application Security Skills and knowledge which would be required from a
>>> MSc curriculum and determining suitable learning objectives to be able to
>>> produce an “open” curriculum for any educational institution or trainer to
>>> use.
>>>
>>> A second and larger part of the work is then to map the knowledge,
>>> skills & learning objectives to OWASP Project materials to help deliver
>>> quality educational experiences to those study Application Security.
>>>
>>> Thanks
>>>
>>> Adrian
>>>
>>> On Wed, Apr 25, 2018 at 11:43 AM, psiinon <psiinon at gmail.com> wrote:
>>>
>>>> Leaders,
>>>>
>>>> I've just started having a conversation with a college lecturer re the
>>>> possibility of a consortium of colleges and universities to work with OWASP
>>>> on creating webappsec teaching resources.
>>>>
>>>> Is anyone else looking at this or interested in getting involved if it
>>>> does happen?
>>>> Leaders of active (and relevant;) projects particularly welcome.
>>>>
>>>> Obviously we have a wealth of raw material, but thats not the same as a
>>>> set of resources that lecturers can easily get started with.
>>>>
>>>> I know theres https://www.owasp.org/index.php/OWASP_Training but thats
>>>> not been updated since 2016 and references several projects that are no
>>>> longer active.
>>>>
>>>> I think that a packaged set of teaching resources that anyone can use
>>>> to help people get started with appsec could be incredibly valuable and
>>>> really help raise awareness in appsec and OWASP.
>>>>
>>>> Let me know what you think,
>>>>
>>>> Simon
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>> This message may contain confidential information - you should handle it
>>> accordingly.
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>> --
>>
>> secmachine․net #wepowersecdev
>>
>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180425/1f3f8298/attachment.html>


More information about the OWASP-Leaders mailing list