skf-flask v4.0 releases: Security Knowledge Framework Python Flask/Angular project
Security Knowledge Framework is an expert system application that uses the OWASP Application Security Verification Standard with detailed code examples (secure coding principles) to help developers in pre-development and post-development phases and create applications that are secure by design.
Our experience taught us that the current level of security of web applications is not sufficient. This is mainly because web developers simply aren't aware of the risks and dangers that are lurking, waiting to be exploited by hackers.
Because of this, we decided to develop a framework that serves as a guide system for all developers, so they can develop applications that are secure by design from the start.
The OWASP Security Knowledge Framework is here to support developers in creating secure applications. It uses the OWASP Application Security Verification Standard as a security requirement and gives the developer feedback, with descriptions and solutions, on how to properly implement these security controls in a safe manner.
The second stage is validating whether the developer properly implemented the different security controls and the associated defense mechanisms, by means of checklists created with the OWASP Application Security Verification Standard. From the answers supplied by the developer, the application again generates documentation in which it gives feedback on which defense mechanisms the developer forgot to implement, with descriptions and solutions on how to properly implement these techniques in a safe manner.
Changelog v4.0
- Full support for hosting SKF on a Kubernetes platform (yes, even on a Raspberry Pi K8s stack)
- Deploy the security labs from SKF or from Juice-shop directly from the SKF platform and start hacking!
- By default we created design patterns for the ASVS categories; in a lot of cases you don't need to go through the Wizard anymore
- Light and Dark mode of the SKF application
- Tour explanation of the different pages and functionality
- Made SKF ready for OpenID integration
- ASVS Level 1 results also have the code/test examples on how to approach those requirements using SAST, DAST, SCA …
Install && Tutorial
Copyright (C) 2019 Glenn ten Cate, Riccardo ten Cate