Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
OWASP Season of Code Proposal - Enterprise Training
1. ENTERPRISE TRAINING PROJECT
OWASP Proposal Page
Application 1
Applicant's Identification/Project Release Leader Cassio Goldschmidt
Application Designation/Name
Enterprise Training
Project – Phase I
First (proposed) Reviewer
Application Security Issue Addressed Prelude
OWASP Top 10, the
foundation most well
known project, has
insuficient
supplemental material
that could be readily
used by companies
who would like to
2. educate employees on
it. Education on the
top 10 should not limit
itself to provide
awareness about
problem. It must
educate the
development
community on how to
resolve the issues
presented in the list.
Problem to be
addressed
• Provide
professional
quality training
material on
OWASPs best
well known
project.
• Help
disseminate
Web Security on
enterprises
• Introduce the
audience to tools
that help
mitigate the
issue
Proposal
Create a series of
training modules that
can be readily utilized
by enterprises that
would like to train
their employees on
web Security. The
first module that shall
be created is the
official one day
OWASP Top 10
training module. This
module shall be a
3. professional looking,
one day class (the
target is approximately
7.5 hours worth of
training) that unites
our education efforts
with the Top 10 web
vulnerabilities and
exercises based on
OWASP tools.
Prioritized area
(Please choose from here)
Enterprise usability of
OWASP projects
Project Release Roadmap
Milestones:
• Consolidate the
team – July 30th
• Find graphic
designer –
August 21st
• Divide the
work among
the members -
August 24th
• Create each of
the 10
modules,
including
graphics –
December 28th
• Review each of
the 10 modules
– February 28th
• Project
Completion -
March 12th
• Use the
training in at
least at one
enterprise –
March 26th
• Offer it as a
class at
OWASP
AppSec EU
2010
Other Questions |}
4. Project Goal
The ultimate goal of this project is to create a series of training modules that can be readily utilized by
enterprises that would like to train their employees on web Security. The first module that shall be
created is the official one day OWASP Top 10 training module. This module shall be a professional
looking, one day class (7.5 hours worth of training) that unites our education efforts with the Top 10
web vulnerabilities and exercises based on OWASP tools.
Each training module will consist of:
• A slide deck (ppt) where every single slide has a narration, word by word, of what an instructor
should teach in the slide. The narration will be later utilized to build online.
o Each deck must contain references in the end of each module
o References to surveys must be displayed in each slide where the information is
referenced
o All tools mentioned in the deck must contain a link to them
o All attacks shall contain an animation (when applicable) exemplifying the attack and
real life instances of the attack.
• Time it takes to present the slides (based on someone reading the narration while emulating a
presentation, plus or minus some minutes. The 1.5 minutes per slide rule must fall inside this
range)
• A set of questions related to the content of the module. The number of questions shall be no less
than a function (set by the committee later) that takes the deck size into consideration. Each
question shall meet best practices for exam question creation (e.g. OUCOM Multiple Choice
Exam Policy)
• Hands on fixation exercises (many will be based on already existing OWASP tools)
To maintain quality and uniformity among modules, all art shall be developed (or enhanced) by a
professional graphic designer who will be hired using the budget for this project. The graphic designer
shall be responsible for delivering the slide, charts, citation, bullets, agenda and timeline templates as
well as icon library that will be used as the base for the entire project and modules to come in the
future. The graphic designer will also be responsible for creating all PowerPoint animations. To
minimize the cost of this operation, the graphic designer will be hired overseas.
To foster contribution, all companies that donate time for the construction of a module will have their
logos displayed in the first and last slide of the deck they contributed.
Budget
• 20K for the top 10 (Phase I)
5. Schedule
• Consolidate the team – July 30th
• Find graphic designer – August 21st
• Divide the work among the members - August 24th
• Create each of the 10 modules, including graphics – December 28th
• Review each of the 10 modules – February 28th
• Present at least at one enterprise – March 27th
• Offer it as a class at OWASP AppSec EU 2010