This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Security Knowledge Framework"
(→Project Resources) |
(→Project Resources) |
||
| Line 40: | Line 40: | ||
* https://github.com/blabla1337/skf-flask<br/> | * https://github.com/blabla1337/skf-flask<br/> | ||
| − | <b>Installation guide | + | <b>Installation guide:</b> |
| − | * http://skf.readme.io/<br/> | + | * http://skf.readme.io/v1.0/docs/installation<br/> |
'''Video tutorials:'''<br/> | '''Video tutorials:'''<br/> | ||
Revision as of 09:19, 21 May 2015
OWASP Security Knowledge Framework ProjectThe OWASP Security Knowledge Framework Project is intended to be a tool used for building, verification and training. It's the first step in the Software (AND Security) Development Life Cycle.
DescriptionIt is an expert system web-application that uses OWASP Application Security Verification Standard. It support developers in pre-development (Security by design) It support developers after release of code (OWASP Checklist Level 1-3) Code-examples Our experience taught us that the current level of security the current web-applications contain is not sufficient enough to ensure security. This is mainly because web-developers simpy aren't aware of the risks and dangers are lurking, waiting to be exploited by hackers. Because of this we decided to develop a security tool in order to create a guide system available for all developers so they can develop applications secure by design. The security knowledge framework is here to support developers create secure applications. By analysing proccessing techniques in which the developers use to edit their data the application can link these techniques to different known vulnerabilities and give the developer feedback regarding descriptions and solutions on how to properly implement these techniques in a safe manner. The seccond stage of the application is validating if the developer properly implemented different types of defense mechanisms by means of different checklists such as the application security verification standards. By means of the answers supplied by the developer the application again generates documentation in which it gives feedback on what defense mechanisms he forgot to implement and give him feedback regarding descriptions and solutions on how to properly implement these techniques in a safe manner. LicensingThis program is free software: you can redistribute it and/or modify it under the terms of the link GNU Affero General Public License 3.0 as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. |
Project ResourcesGithub/source-code: Installation guide: Video tutorials: Post development stage: Knowledge base: Related Projects
Project LeadersGlenn ten Cate Classifications
|
News and Events
[24-03-2015:] | ||||||
For documentation, tutorials and guide's please visit: http://www.securityknowledgeframework.com, for more detailed information.
Contributors
Glenn ten Cate
Riccardo ten Cate
Alexander Kaasjager
John Haley
Daniel Paulus
Erik de Kuijper
Allot of colleagues at Schuberg Philis for helping and giving feedback.
Thank you guys, let's make it more Awesome!
Roadmap
Check out the: Online Scrum Board
Getting Involved
Submitting a Pull Request on Guthub:
Fork it. Create a branch (git checkout -b my_markup) Commit your changes (git commit -am "Added Snarkdown") Push to the branch (git push origin my_markup) Open a Pull Request
One of the authors will check your code example or knowledge-base item and add it to the master repo
We already had allot of the content and experience with the expert system that we created in the PoC version build with PHP.
The goal is to deliver an web-application that is easy to set-up and can run on different OS.
For this we chosen the Python Flask, this runs both on Windows as Linux and is easy to install.
