OWASP Exams Project

Description
The OWASP Exams project will establish the model by which the OWASP community can create and distribute CC-licensed exams for use by educators. The purpose of the exams is to improve the effectiveness of OWASP training through the use of exams as a means of measurement and student progress tracking. The project will include creation of a set of CC-licensed exams, a model for exam usage, and a roadmap for future exam creation. The exams will be distributed in this project site as well as in Moodle (an open source LMS) format so that they can be re-purposed for use in any system or an educator can use them directly in Moodle to administer exams to students. Ideally the exams will be tied to OWASP Academies learning blocks so that there is good learning and training content that can be used to motivate the usage of the exams. This project will also include study aids for use in learning material covered by the exams.

Exams
As exams are ready we will add them to this page for those who want a version of the exam outside of the Moodle LMS.

The exams that are available in this project are:
 * OWASP Top 10 Threats and Mitigations Exam - Single Select
 * Corresponding Multiple Select questions

The multiple select exam contains a sub-set of questions from the single select exam, however, they have been changed so that there are multiple correct answers to choose from. We are interested in feedback on which type of exam people prefer. Multiple select exams are much harder and the answers sometime feel more ambiguous. Single select exams are easier since you only need to select the one best answer to get the question right.

Moodle Learning Management System
You can find the OWASP Academies Moodle learning management system (LMS) here - http://www.owaspa.org/moodle

The Moodle learning management system will contain eLearning courses to teach OWASP related application security content related to the exams in this project. The LMS will also host exams from this project so that students can log into the system, take an exam and get a grade. Independent students can use this system and educators can also administer an exam for a class or multiple classes of students.

The first deliverables of this project on the LMS are:
 * OWASP Top 10 Threats and Mitigations eLearning SCORM course.
 * OWASP Top 10 Threats and Mitigations eLearning SCORM exam.

TeamMentor Security Knowledge Base
The TeamMentor security knowledge base is a collection of articles that students can use to learn application security concepts before or after taking an exam. This information can be used to brush up on concepts pre-exam or can be used as part of continuous education and during the application of application security concepts on the job.

The TeamMentor knowledge base consists of the following components (click on the links for access to each):
 * TeamMentor OWASP Edition. This is a web application that contains a browseable, searchable collection of free application security articles focused on OWASP concepts.
 * TeamMentor OWASP Library Source. This is a GitHub repository that contains all of the XML files that make up the OWASP library. You can download the library and make changes to it in order to meet your particular needs. If you make changes to the files in the library itself, be sure to retain library integrity by using the Guidance Explorer authoring tool and testing your library before checking any files into the source repository. We will periodically update the TeamMentor OWASP Edition instance with changes made by the community to the GitHub library.
 * Guidance Explorer Authoring Tool. This is a .NET application that you can use to edit library files or create new library articles. Please use this tool when making changes to the library so that you preserve library integrity.