Training developers in writing secure code

SKF is a fully open-source Python-Flask web-application that uses the OWASP Application Security Verification Standard to train you and your team in writing secure code, by design.

2015 Open Source Rookies of the Year

We are honored to receive an honorable mention in the Black Duck Open Source Rookies of the Year awards.

OWASP

Presentation about SKF at the OWASP BeNeLux Days

Has SKF proven useful? You can donate to the project on our OWASP Wiki page.

Detect possible threats in your application

In pre-development, detect possible threats based on the processing functions of your application.

Run OWASP ASVS Checklists

Harden your application functions in post-development by running OWASP ASVS checklists, complete with feedback and solutions.

Learn about threats and vulnerabilities in the SKF knowledge base

An extensive library of common hacks and exploits. Learn the hacker mindset and keep your project secure.

Learn to code securely from best-practice code examples

An extensive library of code examples for a wide range of functions, beautifully commented.

Demo

We have set up a demo version where you can test the SKF Application. Check it out!

Documentation

Getting started or need more information? Check out our documentation here.

Support

Request support here in case our documentation is not sufficient.

What is SKF?

Over 10 years of experience in web application security bundled into a single application. The Security Knowledge Framework is a vital asset to the coding toolkit of you and your development team. Use SKF to learn and integrate security by design in your web application.

SKF is an open-source security knowledge base that includes manageable projects with checklists and best-practice code examples in multiple programming languages, showing you how to prevent hackers from gaining access and running exploits on your application.

In a nutshell

  • Training your developers in writing secure code
  • Security support pre-development (Security by design, early feedback of possible security issues)
  • Security support post-development (Double check your code by means of the OWASP ASVS checklists)
  • Code examples for secure coding

Authors

Glenn ten Cate

As a coder, hacker, speaker, trainer and security researcher employed at L&B ICT, Glenn has over 10 years of experience in the field of security. He is one of the founders of defensive development [defdev], a security training and conference series dedicated to helping you build and maintain secure software, and he also speaks at multiple other security conferences around the world. His goal is to create an open-source software development life cycle with the tools and knowledge gathered over the years.

Riccardo ten Cate

As a penetration tester from the Netherlands employed at L&B ICT, Riccardo specialises in web-application security and has extensive knowledge of securing web applications in multiple coding languages.
