OWASP Developer Guide

Training and Education

7. Training and Education

Training and Education activities are described in the SAMM Training and Awareness section, which in turn is part of the SAMM Education & Guidance security practice within the Governance business function.

The goal of security training and education is to increase the awareness of application security threats and risks along with security best practices and secure software design principles. The security awareness training should be customised for all roles currently involved in the management, development, testing, or auditing of the applications and systems. In addition, a Learning Management System or equivalent should be in place to track the employee training and certification processes.

OWASP provides various resources and environments that can help with this security training and education.


7.1 Vulnerable Applications
7.1.1 Juice Shop
7.1.2 WebGoat
7.1.3 PyGoat
7.1.4 Security Shepherd
7.2 Secure Coding Dojo
7.3 Security Knowledge Framework
7.4 SamuraiWTF
7.5 OWASP Top 10 project
7.6 Mobile Top 10
7.7 API Top 10
7.8 WrongSecrets
7.9 OWASP Snakes and Ladders

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.