This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Security Knowledge Framework"

From OWASP
Jump to: navigation, search
(Travis-ci.org:)
(Project Download)
Line 52: Line 52:
  
 
<b>Installation guide:</b>
 
<b>Installation guide:</b>
* http://skf.readme.io/v1.0/docs/installation<br />
+
* http://skf.readme.io/v1.0/docs/installation
 
 
<b>Installation guide with Chef:</b>
 
* https://skf.readme.io/docs/installation#section-automated-installation-with-chef<br />
 
 
 
<b>Installation guide for AWS:</b>
 
* https://skf.readme.io/docs/installation#section-aws-installation<br />
 
  
 
== Project Online Demo ==
 
== Project Online Demo ==
'''username: admin password: test-skf'''<br />
+
'''username: admin password: test-skf'''
 
* https://demo.securityknowledgeframework.org<br />
 
* https://demo.securityknowledgeframework.org<br />
  
'''Project website:'''<br />
+
'''Project website:'''
 
* http://www.secureby.design<br />
 
* http://www.secureby.design<br />
  
 
== Video demo ==
 
== Video demo ==
 
* https://www.youtube.com/watch?v=ogzCVtI8-qE&feature=youtu.be<br />
 
* https://www.youtube.com/watch?v=ogzCVtI8-qE&feature=youtu.be<br />
 
== Project OWASP-SKF Pebble ==
 
'''Released OWASP-SKF Pebble in the Appstore for free'''<br />
 
* http://apps.getpebble.com/en_US/application/556b65b8389795176b000042<br />
 
  
 
== Related Projects ==
 
== Related Projects ==
Line 90: Line 80:
 
   | colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
 
   | colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
 
   |-
 
   |-
   | rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
+
   | rowspan="2" align="center" valign="top" width="50%" | [[File:Midlevel.png]]
 
   | align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]   
 
   | align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]   
 
   |-
 
   |-

Revision as of 20:26, 10 July 2017

banner-wiki-owasp.jpg

OWASP Security Knowledge Framework

The OWASP Security Knowledge Framework is intended to be a tool that is used as a guide for building and verifying secure software. It can also be used to train developers about application security. Education is the first step in the Secure Software Development Lifecycle.

The 4 Core usage of SKF:

  • Security Requirements OWASP ASVS for development and for third party vendor applications
  • Security knowledge reference (Code examples/ Knowledge Base items)
  • Security is part of design with the pre-development functionality in SKF
  • Use SKF to gather the right security requirements for your projects
  • SKF then gives extensive knowledgebase items that correlates to the security requirements
  • Developers can close "tickets" and leave an audit trail to determine possible technical depts or improvements
  • Security specialist can follow the "tickets" and audit trail and verify or Fail closed items and provide feedback.

Description

The OWASP Security Knowledge Framework is an expert system web-application that uses the OWASP Application Security Verification Standard and other resources. It can be used to support developers in pre-development (security by design) as well as after code is released (OWASP ASVS Level 1-3).

Why Use The OWASP Security Knowledge Framework?

Our experience taught us that the current level of security the current web-applications contain is not sufficient enough to ensure security. This is mainly because web-developers simpy aren't aware of the risks and dangers are lurking, waiting to be exploited by hackers.

Because of this we decided to develop a security tool in order to create a guide system available for all developers so they can develop applications secure by design.

The security knowledge framework is here to support developers create secure applications. By analysing proccessing techniques in which the developers use to edit their data the application can link these techniques to different known vulnerabilities and give the developer feedback regarding descriptions and solutions on how to properly implement these techniques in a safe manner.

The seccond stage of the application is validating if the developer properly implemented different types of defense mechanisms by means of different checklists such as the application security verification standards.

By means of the answers supplied by the developer the application again generates documentation in which it gives feedback on what defense mechanisms he forgot to implement and give him feedback regarding descriptions and solutions on how to properly implement these techniques in a safe manner.

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of the link GNU Affero General Public License 3.0 as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

<paypal>Security Knowledge Framework </paypal>

Project Download

Github/source-code:

Installation guide:

Project Online Demo

username: admin password: test-skf

Project website:

Video demo

Related Projects

Asvs-satellite.jpgOWASP Resources

Project Leaders

Glenn ten Cate
Riccardo ten Cate

Classifications

Project Type Files TOOL.jpg
Midlevel.png Owasp-builders-small.png
Affero General Public License 3.0
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Security_Knowledge_Framework&oldid=231534"