[Owasp-leaders] [balint:6755] Re: Teaching resources

Kevin W. Wall kevin.w.wall at gmail.com
Thu Apr 26 00:11:53 UTC 2018


Can you provide any information as to the level of the intended
security course(s)? E.g., is it aimed at freshmen/sophomores,
junior/senior, graduate school???

Back in 2000 (a *long* time ago, in terms of security), I designed and
taught an information security course for a master's-level CS course.
The course was an elective, 15-week semester that I taught for at
least 2 out of 3 semesters (summer semesters on occasion) for 7 years
for a local university in Columbus. Those were back in the early days
of OWASP but even then, I still used a lot of OWASP resources. (The
books I used were Ross Anderson's _Security Engineering_ and Gary
McGraw's _Software Security: Building Security In_.)

Most of my notes are outdated (other than the cryptography sections),
but I would be glad to contribute notes, homework assignments, etc.
That may or may not be appropriate though. If this is supposed to be a
100 or 200 level course, then the stuff I have may be a bit too


On Wed, Apr 25, 2018 at 3:54 PM, August Detlefsen
<august.detlefsen at owasp.org> wrote:
> This is sorely needed. I always ask my developer-students if they received
> any security training in college: Only about half actually have CS degrees
> and about 20% of those had security as part of their curriculum.
> It would probably be useful to survey CS professors to see what is being
> taught and how security could be integrated into those courses. For example:
> Do they want a full semester class? Do they want single one hour lectures?
> Or do they want 5 minute 'hooks' that can slot into existing lectures?
> On Wed, Apr 25, 2018 at 4:15 AM, psiinon <psiinon at gmail.com> wrote:
>> Very interesting :)
>> I don't suppose you have any English resources you can share?
>> Many thanks,
>> Simon
>> On Wed, Apr 25, 2018 at 12:05 PM, Timur 'x' Khrotko [owasp]
>> <timur at owasp.org> wrote:
>>> I've just delivered a full semester of non-technical appsec or rather
>>> secdev in a Hungarian university. Approaches, principles, real live cases,
>>> ASVS, corporate secdev playbook. May that be interesting.
>>> On Wed, 25 Apr 2018 at 12:55, Adrian Winckles <adrian.winckles at owasp.org>
>>> wrote:
>>>> Thanks Simon
>>>> One of the projects I'd been working on from the Summit last year and
>>>> hopefully from the Summit this year as well (funding pending) was for the
>>>> MSc Application Security Curriculum project which needs more work to look
>>>> at the skills and knowledge students should learn as part of such a
>>>> qualification, we had an initial attempt at gathering opinions by survey at
>>>> the last summit but the majority returned surveys were “lost” before they
>>>> were handed over.
>>>> My aim would be to produce a wider survey of OWASP trainers and
>>>> educational supporters to canvass opinions on a wider range of generic
>>>> Application Security Skills and knowledge which would be required from an MSc
>>>> curriculum and determining suitable learning objectives to be able to
>>>> produce an “open” curriculum for any educational institution or trainer to
>>>> use.
>>>> A second and larger part of the work is then to map the knowledge,
>>>> skills & learning objectives to OWASP Project materials to help deliver
>>>> quality educational experiences to those studying Application Security.
>>>> Thanks
>>>> Adrian
>>>> On Wed, Apr 25, 2018 at 11:43 AM, psiinon <psiinon at gmail.com> wrote:
>>>>> Leaders,
>>>>> I've just started having a conversation with a college lecturer re the
>>>>> possibility of a consortium of colleges and universities to work with OWASP
>>>>> on creating webappsec teaching resources.
>>>>> Is anyone else looking at this or interested in getting involved if it
>>>>> does happen?
>>>>> Leaders of active (and relevant;) projects particularly welcome.
>>>>> Obviously we have a wealth of raw material, but that's not the same as a
>>>>> set of resources that lecturers can easily get started with.
>>>>> I know there's https://www.owasp.org/index.php/OWASP_Training but that's
>>>>> not been updated since 2016 and references several projects that are no
>>>>> longer active.
>>>>> I think that a packaged set of teaching resources that anyone can use
>>>>> to help people get started with appsec could be incredibly valuable and
>>>>> really help raise awareness in appsec and OWASP.
>>>>> Let me know what you think,
>>>>> Simon
>>>>> --
>>>>> OWASP ZAP Project leader
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> This message may contain confidential information - you should handle it
>>>> accordingly.
>>> --
>>> secmachine․net #wepowersecdev
>> --
>> OWASP ZAP Project leader

Blog: http://off-the-wall-security.blogspot.com/    | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.
