Monday, April 11, 2016

Releasing OWASP Web App Top 10 (2013) secure coding learning resources under CC BY-ND 4.0 for everyone to use


In the majority of countries around the world, a "Cyber Security" skills shortage exists or is developing quite rapidly. In Australia, where the majority of our core team resides, the government is releasing a Cyber Security Strategy in April/May 2016, in which cyber security skills and education are an important element.

At Secure Code Warrior, we want to help not only students and professionals in Australia but also those in the rest of the world, and we are doing that today by providing teaching material on Secure Coding under the "Creative Commons - Attribution-NoDerivatives 4.0 International" (CC BY-ND 4.0) licence. In short, this means:
  • Sharing: everyone can copy and redistribute the material in any medium or format, for any purpose, even commercially.
  • Attribution: you must credit the source of the material.
  • NoDerivatives: you may share the material as-is, but you may not distribute modified versions of it.

We are starting by releasing the OWASP Top 10 for Web Applications modules and are currently working (together with our partner NVISO in Belgium) on modules for the OWASP Top 10 for Mobile Applications, the OWASP Top 10 for Internet of Things and generic Secure Coding concepts.

We have opted to create very concise, short modules for each topic, so everyone can decide for themselves whether to use them in a classroom setting and cover several modules in one session, or use them in an online environment and give developers bite-size things to learn. Each slide pack covers:
  1. A summary slide of the topic
  2. One or more practical scenarios to better understand the vulnerability concept and its root cause
  3. Examples of potential impact
  4. Recommendations on how to avoid writing these vulnerabilities
Here is a sample module on SQL Injection:
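The sample module is an embedded slide deck that does not survive in this copy of the post. As an added illustration that is not part of the original post or of Secure Code Warrior's material, the Python snippet below walks through the same four parts (scenario, root cause, impact, recommendation) for SQL injection against an in-memory SQLite table with constructed sample rows. The table, user names and function names are all assumptions for this example.

```python
import sqlite3

# Constructed sample data for this example (not from the original post).
# The admin row is disabled (active = 0) and must never be returned by a lookup.
SAMPLE_USERS = [
    (1, "alice", "user", 1),
    (2, "bob", "user", 1),
    (3, "admin", "admin", 0),
]


def make_db():
    """Create an in-memory SQLite database seeded with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT, active INTEGER)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Root cause: user input is pasted into the SQL text, so the input can
    change the structure of the statement instead of acting as a plain value."""
    query = (
        "SELECT id, username, role FROM users "
        f"WHERE username = '{username}' AND active = 1"
    )
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Recommendation: a parameterised query. The SQL text is fixed and the
    driver passes the value separately, so quotes or comment markers in the
    input are treated as data, never as SQL syntax."""
    query = "SELECT id, username, role FROM users WHERE username = ? AND active = 1"
    return conn.execute(query, (username,)).fetchall()


def demo():
    """Run the two attack scenarios against both lookups and return the rows."""
    conn = make_db()
    results = {}

    # Scenario 1 (tautology): the WHERE clause becomes
    #   username = '' OR '1'='1' AND active = 1
    # Impact: every active account is disclosed instead of one.
    payload = "' OR '1'='1"
    results["tautology_vulnerable"] = lookup_vulnerable(conn, payload)
    results["tautology_safe"] = lookup_safe(conn, payload)

    # Scenario 2 (comment truncation): "--" turns the rest of the statement,
    # including the active = 1 check, into a SQL comment.
    # Impact: the disabled admin account is returned as if it were active.
    payload = "admin' --"
    results["comment_vulnerable"] = lookup_vulnerable(conn, payload)
    results["comment_safe"] = lookup_safe(conn, payload)

    # A legitimate lookup behaves identically in both versions.
    results["normal_safe"] = lookup_safe(conn, "alice")
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22s} -> {rows}")
```

Running the block prints two leaked result sets for the vulnerable lookup and empty results for the parameterised one, which is the point the recommendation slide would make: keep the SQL text constant and bind every user-supplied value.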




OWASP Top 10 - Web Apps

The following modules are currently available and cover the OWASP Top 10 for Web Applications:
  • A1-Injection (SQL, OS Command, LDAP, XPath/XML)
  • A2-Broken Authentication and Session Management
  • A3-Cross Site Scripting (XSS)
  • A4-Insecure Direct Object Reference
  • A5-Security Misconfiguration
  • A6-Sensitive Data Exposure (Insecure Crypto Storage, Insufficient Transport Layer Protection)
  • A7-Missing Function Level Access Control
  • A8-Cross-Site Request Forgery (CSRF)

Other Common Web Application Weaknesses
  • Local File Inclusion/Directory Traversal
  • Remote File Inclusion
  • Information Exposure
  • Business Logic






4 comments:

  1. I have read your blog; it is very attractive and impressive. I like your blog.

    Java Training in Chennai ~ Java Online Training

  2. Hello guys!
    Is it possible to pay through this POS device with appropriate credit?
    virginiapos.com/
    Give me recommendations, please.
    Thanks guys!

  3. The website can demonstrate to you the final product; however, the proposal can educate you concerning the web design process with this specific individual or organization. angular vs react vs vue