7. Training and Education
Training and Education activities are described in the SAMM Training and Awareness stream, which in turn is part of the SAMM Education & Guidance security practice within the Governance business function.
The goal of security training and education is to increase awareness of application security threats and risks, along with security best practices and secure software design principles. The security awareness training should be customised for every role involved in the management, development, testing, or auditing of the applications and systems, rather than delivered as one generic course. In addition, a Learning Management System or equivalent should be in place to track employee training and certification so that completion and renewal can be demonstrated.
It is important to provide activities for development teams; we are all human and our security knowledge can become stale without a plan for refreshing it. The Security Culture project describes various activities that can help developers keep up to date and motivated.
OWASP provides various resources and environments that can help with this security training and education, ranging from deliberately vulnerable applications and training platforms to gamification.
Sections:
7.1 Vulnerable Applications
7.1.1 Juice Shop
7.1.2 WebGoat
7.1.3 PyGoat
7.1.4 Security Shepherd
7.2 Secure Coding Dojo
7.3 Security Knowledge Framework
7.4 SamuraiWTF
7.5 OWASP Top 10 project
7.6 Mobile Top 10
7.7 API Top 10
7.8 WrongSecrets
7.9 OWASP Snakes and Ladders
The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.