Re: OWASP Top 10 Awareness Training

sithurralde · ‎02-18-2026

Hi,

I'm looking for suggestions or recommendations for OWASP top 10 training for my company's developers. Looking of a overview/awareness course that can be purchased as a SCORM package.

nkeaton · ‎02-18-2026

@sithurralde I would see if there is an active OWASP chapter in your area. They would probably be willing to set something up for you. I use ETI Performance Improvement for that type of training. They are easy to work with and will tailor training for staff. I would also suggest familiarity with CSA’s (Cloud Security Alliance) top threats. https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-2025 OWASP is touched upon in ISC2’s CSSLP training as well. .

dcontesti · ‎02-19-2026

We developed our own training for this based on on environment (Discrete Mfg.). but we did look at several vendors (Secureflag, Aqua, DataSunrise as well as those offered by OWASP).

The rationale was simple, these developers were also charged with keeping the systems viable (99% uptime)....so we had to build and deliver in such a way that they could implement security and still meet the business requirements. Remember anything that slows production or potentially stops in is thrown out immediately in this environment.

In addition to your local OWASP group, check out ISC2 chapters ( there are many in the SFO area). At these meetings, you may find someone who has done this work and willing to share.

Additionally, RSA is coming up in March and is a perfect place to talk to MANY vendors about their offerings. Many vendors offer free EXPO passes (Just a few......there are others):

Thales: 52E1339XP
Veeam: 52E1300XP
Nokia: 52E1014XP

DataSunrise is also offering an expo pass along with an all access pass (value $30) by using code 52AAD136.

And of course, ISC2 offers a member discount to the conference.

Regards,

d

sithurralde · ‎02-19-2026

Thanks nkeaton!

sithurralde · ‎02-19-2026

Thanks dcontesti

Blue_bird · ‎02-20-2026

The OWASP Foundation itself is a non-profit that provides the standards (the list, documentation, and data), they do not sell or provide an "official" SCORM package. For that, you must use third-party vendors who build curriculum based on the OWASP standards.

However, You find a nice overview on their official site:

https://owasp.org/Top10/2021/

Thanks

nkeaton · ‎02-20-2026

@sithurralde Very welcome. I work with our cybersecurity workforce on attaining and keeping their certifications and set up training and do study materials acquisitions for that. I do hope that you have a local OWASP chapter that is active and willing to assist. Please let me know if can assist. Giving back to the profession is very important to me as is helping others.

akkem · ‎02-22-2026

Maybe we can start with an OWASP open project. It provides detailed guidance and a solid baselines.
https://owasp.org/Top10/2025/

sithurralde · ‎02-23-2026

Thanks akkem.

sithurralde · ‎02-23-2026

Thanks Blue_bird