Monday, April 18, 2016

Secure Code Warrior Information Sessions

For those interested in seeing a live demo of the Secure Code Warrior platform, as well as learning more about our future plans, we have scheduled a series of online demonstrations for you to attend at your convenience. We will use these sessions to run through the key features of the platform, explain implementation options, and provide details of our development roadmap for both the challenges and the platform itself.

Below is a list of dates and times by region:

20 April 2016 - 5PM (AEST)
4 May 2016 - 12PM(AEST)
18 May 2016 - 5PM (AEST)
1 June 2016  - 12PM(AEST)
15 June 2016  - 5PM (AEST)
29 June 2016  - 12PM(AEST)

20 April 2016 - 4PM (GMT)
4 May 2016 - 4PM (British Summer Time (GMT))
18 May 2016 - 4PM (British Summer Time (GMT))
1 June 2016 - 4PM (British Summer Time (GMT))
15 June 2016 - 4PM (British Summer Time (GMT))
29 June 2016 - 4PM (British Summer Time (GMT))

20 April 2016 - 10AM (Pacific Daylight Time (PDT), UTC-0700)
4 May 2016 - 10AM (Pacific Daylight Time (PDT), UTC-0700)
18 May 2016 - 10AM (Pacific Daylight Time (PDT), UTC-0700)
1 June 2016 - 10AM (Pacific Daylight Time (PDT), UTC-0700)
15 June 2016 - 10AM (Pacific Daylight Time (PDT), UTC-0700)
29 June 2016 - 10AM (Pacific Daylight Time (PDT), UTC-0700)

Click here for online meeting details and to register for a session.

Monday, April 11, 2016

Releasing OWASP Web App Top 10 (2013) secure coding learning resources under CC BY-ND 4.0 for everyone to use

In the majority of countries around the world, a "Cyber Security" skills shortage exists or is developing quite rapidly. In Australia, where the majority of our core team resides, the government is releasing a Cyber Security Strategy in April/May 2016, in which cyber security skills and education are an important element.

At Secure Code Warrior, we want to help not only students and professionals in Australia but also those in the rest of the world, and we are doing that today by providing teaching material on Secure Coding under "Creative Commons - Attribution-NoDerivatives 4.0 International". This comes down to:
  • Sharing — everyone can copy and redistribute the material in any medium or format, for any purpose, even commercially.

We are starting by releasing the OWASP Top 10 for Web Applications, but are currently working (together with our partner NVISO in Belgium) on the OWASP Top 10 for Mobile Applications, the OWASP Top 10 for Internet of Things, and also generic Secure Coding concepts.

We have opted to create very concise and short modules for each topic, so everyone can decide for themselves whether to use them in a classroom setting and cover several modules, or use them in an online environment and give developers bite-size things to learn. Each of the slide-packs covers:
  1. A summary slide of the topic
  2. One or more practical scenarios to better understand the vulnerability concept and its root cause
  3. Examples of potential impact
  4. Recommendations on how to avoid writing these vulnerabilities
Here is a sample module on SQL Injection.

OWASP Top 10 - Web Apps

The following modules are currently available, covering the OWASP Top 10 for Web Applications:

  • OS Command
  • A2-Broken Authentication
  • Session Management
  • A3-Cross Site Scripting (XSS)
  • A4-Insecure Direct Object Reference
  • A5-Security Misconfiguration
  • A6-Sensitive Data Exposure
  • Insecure Crypto Storage
  • Insufficient Transport Layer
  • A7-Missing Function Level Access Control
  • A8-Cross-Site Request Forgery (CSRF)

Other Common Web Application Weaknesses

  • Local File Inclusion/Directory Traversal
  • Remote File Inclusion
  • Information Exposure
  • Business Logic