Friday, 17 May 2013

PDF with (draft) Exam of OWASP Top10 questions

On the topic of exams and certificates, JBI Training wants to offer their clients some kind of certificates, so I'm helping them to figure out how to do it.

The first step was to have something to ping JBI's developer community with (i.e. former students), so I pointed Nigel Laurens to the OWASP Exams project and he created this PDF (embedded below) to kickstart things.

Of course we really need to add some automation here (in terms of getting feedback on questions and processing the results), but even something as crude as this list of questions will focus the minds of developers and make sure they understand the OWASP Top 10.

I also noticed that this PDF doesn't include references to the source materials and content license, which is caused by Nigel's lack of experience in the OWASP and world (so don't go too hard on him :) )

Btw, from the OWASP Exams project it looks like the is still up (so take a look, since it is quite a nice solution)

Note that we are talking about certificates and exams here, not certification (since these are early days). That said, the path for creating certifications based on OWASP material is already mapped in the OWASP Red book (The OWASP Application Security Code of Conduct for Certifying Bodies)

And I have written about my views of OWASP Certification in this post