OWASP Education and Training Committee
Background
Part of OWASP’s main purpose is to “Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software”. A key part of that mission is to educate not just the current generation of developers or information security professionals, but also the next generation, particularly in the context of the acknowledged skills shortage in the security sector. A common problem with many security education programmes (whether cyber or InfoSec) or even traditional computer science programmes is that they do not address application security adequately, if at all.
Scope
To provide a support mechanism for OWASP education activities, fostering collaborations and supporting relationships with the Application Security, Developer and Training communities, both academic and industry-based.
To advise the Foundation & Board of an educational strategy for OWASP.
Benefits to the community
Chapters
Encourage chapters to foster and document relationships with training providers and educational establishments (at all levels) to broaden application security education to all communities.
Projects
Encourage projects to foster and document relationships with training providers and educational establishments (at all levels) to broaden application security education to all communities.
Outreach
The committee will establish and promote relationships with professional bodies, standards and academia-based organisations to promote application security education to the wider security and developer community.
Training Events
The OWASP Education and Training Committee will respond to training requests received from the public at large. The mechanism for responding to these requests is to collaborate with the Events Committee to conduct the training.
Certification
Design and develop a certification program with multiple levels (Foundational and Advanced) for developers. The certificate would validate developers' knowledge and also provide an avenue to meet the requirements of standards like PCI-DSS, where training developers on secure coding is a requirement.
Proposed initial Projects
Establish a core set of Learning Objectives for an application security curriculum that defines the educational requirements necessitated by industry (from an established Application Security Body of Knowledge)
- Undertake a gap analysis of existing and missing curricula learning to meet the requirements outlined by industry;
- This will be achieved through liaison with industry, professional bodies and existing state-of-the-art literature.
Design, Develop and Implement a certificate for developers - OWASP Certified Secure Developer. The initial set of aims/goals for achieving this project are:
- To design a body of knowledge
- Design a process for creating an exam question bank
- Foundational certification levels shall be programming language neutral