Description of session
- Introduced from academic (college leaver) and commercial (workforce training) perspectives
- Originally presented at OWASP Global AppSec Tel Aviv Projects (26-30 May 2019)
- Potential UK Academic funding (bid outcome due in early July 2019) to generate a generic Open Application Security Curriculum
Objectives
- Promote OWASP as the source of what good application security practice looks like, and
- Relaunch the OWASP Education Committee, because education is the key to the future
- Develop links between academia and industry focusing on skills/learning objectives and resources.
Outcome Summary
OWASP projects can be difficult to navigate.
- Link skills to projects/resources, make output more accessible.
- Identify missed opportunity
- Focus on target development.
- Conduct gap analysis utilising existing skills frameworks and
- Determine a full application security skills framework
- Identify the top-level learning objectives
- Suggestions from participants include:
Outcomes
- Establish core Learning Objectives for Application Security curriculum; define educational requirements of industry including:
- Gap analysis of existing/missing curricula; meet industry requirements
- Collaborate with industry, professional bodies, existing literature.
- Appraise state-of-the-art AppSec teaching resources and determine areas of non-coverage
- Gap analysis of existing and missing teaching resources through discovery workshops and industry links.
- Recommend an open AppSec curriculum for industry
- Produce and disseminate a learning skills framework
- Empower academia to support industry in the problems faced in developing the next generation of graduate software developers, computer scientists and security analysts in DevSecOps
- Address teaching requirements at undergraduate, postgraduate, apprentice, and industry certification levels
- Get approval from key influencers (i.e., OWASP) and professional bodies (i.e., IISP, ISC2, CREST).
- Develop a curriculum roadmap with key learning outcomes linked to OWASP projects and delivered by infographic
- Develop a “training directory” where organisations can register their training programs according to the parts of the program they support.
Follow up
- Develop a questionnaire; share with OWASP Project Leaders
- Project leaders asked to share details on the skills they feel their projects offer and how they fit in existing frameworks.
- See how the project can work with other OWASP Projects where there may be significant overlap (e.g., SAMM)
- Initiate OWASP Education Committee as a way of engaging support for the project as a wider initiative within the community.