https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=JohestephanOWASP - User contributions [en]2026-04-25T13:40:22ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=OWASP_Security_Knowledge_Framework&diff=211505OWASP Security Knowledge Framework2016-03-21T09:50:37Z<p>Johestephan: /* Contributors */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">http://www.securityknowledgeframework.org/img/banner-wiki-owasp.jpg</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Security Knowledge Framework==<br />
The OWASP Security Knowledge Framework is intended to be a tool that is used as a guide for building and verifying secure software. It can also be used to train developers about application security. Education is the first step in the <i>Secure Software Development Lifecycle</i>.<br />
<br />
The 4 Core usage of SKF:<br />
<br />
* Security Requirements OWASP ASVS for development and for third party vendor applications <br />
* Security knowledge reference (Code examples/ Knowledge Base items)<br />
* Security is part of design with the pre-development functionality in SKF<br />
* Security post-development functionality in SKF for verification with the OWASP ASVS<br />
<br />
== Description ==<br />
<br />
The <i>OWASP Security Knowledge Framework</i> is an expert system web-application that uses the OWASP Application Security Verification Standard and other resources. It can be used to support developers in pre-development (security by design) as well as after code is released (OWASP ASVS Level 1-3).<br />
<br />
== Why Use The OWASP Security Knowledge Framework? ==<br />
<br />
Our experience taught us that the current level of security the current web-applications contain is not sufficient enough to ensure security. This is mainly because web-developers simpy aren't aware of the risks and dangers are lurking, waiting to be exploited by hackers. <br />
<br />
Because of this we decided to develop a security tool in order to create a guide system available for all developers so they can develop applications secure by design.<br />
<br />
The security knowledge framework is here to support developers create secure applications. By analysing proccessing techniques in which the developers use to edit their data the application can link these techniques to different known vulnerabilities and give the developer feedback regarding descriptions and solutions on how to properly implement these techniques in a safe manner. <br />
<br />
The seccond stage of the application is validating if the developer properly implemented different types of defense mechanisms by means of<br />
different checklists such as the application security verification standards.<br />
<br />
By means of the answers supplied by the developer the application again generates documentation in which it gives feedback on what defense mechanisms he forgot to implement and give him feedback regarding descriptions and solutions on how to properly implement these techniques in a safe manner.<br />
<br />
==Licensing==<br />
<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. <br />
<br><br />
<br />
==Donate==<br />
<paypal>Security Knowledge Framework </paypal><br />
<br />
| valign="top" style="padding-left:25px;width:125px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
<br />
== Project Download ==<br />
'''Github/source-code:'''<br/><br />
* https://github.com/blabla1337/skf-flask<br/><br />
<br />
<b>Installation guide:</b><br />
* http://skf.readme.io/v1.0/docs/installation<br/><br />
<br />
<b>Installation guide with Chef:</b><br />
* https://skf.readme.io/docs/installation#section-automated-installation-with-chef<br/><br />
<br />
<b>Installation guide for AWS:</b><br />
* https://skf.readme.io/docs/installation#section-aws-installation<br/><br />
<br />
== Project Online Demo ==<br />
'''username: admin password: test-skf'''<br/><br />
* https://demo.securityknowledgeframework.org<br/><br />
<br />
'''Project website:'''<br/><br />
* http://www.secureby.design<br/><br />
<br />
== Video demo ==<br />
* https://www.youtube.com/watch?v=ogzCVtI8-qE&feature=youtu.be<br/><br />
<br />
== Project OWASP-SKF Pebble ==<br />
'''Released OWASP-SKF Pebble in the Appstore for free'''<br/><br />
* http://apps.getpebble.com/en_US/application/556b65b8389795176b000042<br/><br />
<br />
== Related Projects ==<br />
<br />
[[Image:Asvs-satellite.jpg]]'''OWASP Resources''' <br />
<br />
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project]<br />
<br />
== Project Leaders ==<br />
[mailto:glenntencate@gmail.com Glenn ten Cate]<br/><br />
[mailto:r.tencate77@gmail.com Riccardo ten Cate]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
|-<br />
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]<br />
|}<br />
<br />
|}<br />
<br />
=Documentation=<br />
<br />
For detailed information, documentation, tutorials and guide's please visit:<br><br />
https://skf.readme.io<br><br />
OR<br><br />
https://www.securityknowledgeframework.org<br><br />
<br />
Slides of workshop DevOpsDays 2015 Amsterdam:<br><br />
https://www.owasp.org/images/5/54/Skf-design-workshop.pptx.pdf<br />
<br />
= Roadmap and Getting Involved =<br />
<br />
==Roadmap==<br />
<br />
Check out the: ''' [https://waffle.io/blabla1337/skf-flask Online Scrum Board] '''<br />
<br />
- Add code examples -> relevant knowledge-base items in results<br />
- Add generic Selenium test cases for the pre-development and post-development security controls.<br />
- Add current code examples and refer them in the advices of the pre-development and post-development items.<br />
- Add CWE to checklists<br />
- Add Python code examples<br />
- Add Java code examples<br />
- Explain the SDLC more in-depth on our website and OWASP wiki page.<br />
- Add Go/Ruby/??? code examples<br />
<br />
==Getting Involved==<br />
<br />
Submitting a Pull Request on Guthub:<br />
<br />
Fork it.<br />
Create a branch (git checkout -b my_markup)<br />
Commit your changes (git commit -am "Added Snarkdown")<br />
Push to the branch (git push origin my_markup)<br />
Check Travis status if build is still working<br />
Open a Pull Request<br />
<br />
One of the authors will check your sample code or knowledge-base item and add it to the master repo.<br />
<br />
= SKF SDLC =<br />
<br />
SKF uses the following services to provide quality over the code and releases.<br />
<br />
== Travis-ci.org:==<br />
Test and Deploy with Confidence. Easily sync your GitHub projects with Travis CI and you'll be testing your code in minutes!<br />
SKF Build details:<br />
<br />
https://travis-ci.org/blabla1337/skf-flask<br />
<br />
== Coveralls.io:==<br />
DELIVER BETTER CODE. We help developers deliver code confidently by showing which parts of your code aren't covered by your test suite.<br />
SKF Coveralls details:<br />
<br />
https://coveralls.io/r/blabla1337/skf-flask<br />
<br />
== Scrutinizer-ci.com==<br />
Why to use Scrutinizer. Improve code quality and find bugs before they hit production with our continuous inspection platform. Improve Code Quality.<br />
SKF Scrutinizer details:<br />
<br />
https://scrutinizer-ci.com/g/blabla1337/skf-flask/<br />
<br />
== Uptimerobot.com==<br />
Monitor HTTP(s), Ping, Port and check Keywords. Get alerted via e-mail, SMS, Twitter, web-hooks or push. View uptime, downtime and response times.<br />
<br />
== ssllabs.com & sslbadge.org ==<br />
<br />
ssllabs.org:<br />
Bringing you the best SSL/TLS and PKI testing tools and documentation.<br />
https://www.ssllabs.com/ssltest/analyze.html?d=securityknowledgeframework.org<br />
<br />
sslbadge.org:<br />
Creates a nice badge for your website SSL/TLS security settings based on the Qualys SSL Labs testing.<br />
<br />
= Contributors =<br />
<br />
;[[user:Foobar|Glenn ten Cate]]<br />
;[[user:Riccardo_ten_Cate|Riccardo ten Cate]]<br />
;Alexander Kaasjager<br />
;John Haley<br />
;Daniel Paulus<br />
;Erik de Kuijper<br />
;Roderick Schaefer<br />
;[[user:Jmanico|Jim Manico]]<br />
;Martijn Gijsberti Hodenpijl<br />
;Bithin Alangot<br />
;[[user:Knoblochmartin|Martin Knobloch]]<br />
;Adam Fisher<br />
;Tom wirschell<br />
;[[user:johestephan|Joerg Stephan]]<br />
<br />
<br/><br />
Thank you to my colleagues at Schuberg Philis for helping and giving feedback.<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]]<br />
[[Category:OWASP_Builders]]<br />
[[Category:OWASP_Defenders]]<br />
[[Category:OWASP_Tool]]</div>Johestephanhttps://wiki.owasp.org/index.php?title=User:Johestephan&diff=203290User:Johestephan2015-11-11T12:00:54Z<p>Johestephan: </p>
<hr />
<div>'''Joerg Stephan''' is member of an international team of customer dedicated Analysts. Before working as an Security Analyst he evolved through every aspect of IT from web developer and IT technician in early 1998 and administrator in an research facility, to becoming Team Leader of system administration and CISO in a PCI-DSS certified company.<br />
Born in Saarland / Germany, now living in the Netherlands (Noord-Holland)</div>Johestephan