Training & Guidance for doing AppSec right!

SKF is a fully open-source Python-Flask / Angular web-application that uses many other great open source projects to train you and your team in building secure applications, by design.

Scroll Down
Seed of Life

SKF in your SDLC

Discover where the Security Knowledge Framework can be implemented in your teams Software Development Life Cycle.

  • Requirements
    • Define your projects requirements or create your own scope of requirements. Out of the box SKF comes with ASVS and MASVS checklists and expert systems included.
  • Design
    • Detect possible threats based on the processing functions on your application. Use SKF to define security acceptence criteria for your features, so your developers know from the get-go how to mitigate risks.
  • Coding
    • An extensive library of common hacks, exploits, and best practices. Learn the hacker mindset and keep your project secure.
  • Testing
    • All requirements come with Knowledgebase items and references to the OWASP cheatsheet / OWASP testing guide series. SKF also gives reccomendations on tooling that can be used to automate testing of your requirements.
  • Culture Building
    • Invite team members and work together and spread a security first mindset.
  • Training
    • An extensive and different learning paths and interactive labs for a wide range of functions, beautifully commented.
  • Metrics
    • Keep track of open and closed security issues in your project.

SKF Features

Secure coding starts here.

  • Projects

    Create projects in SKF and start gathering requirements for your features/sprints

  • Code Examples

    An extensive library of common hacks, exploits, and best practices. Learn the hacker mindset and keep your project secure..

  • Checklists

    Out of the box SKF comes with ASVS and MASVS included.

  • Training platform

    Train your secure coding & hacking skills with over 150+ interactive labs that you can run locally or trough the SKF UI in your Kubernetes cluster.

  • Knowledge Base

    All requirements are correlated to knowledgebase items to give you more in depth information about attack vectors, impact, mitigation and best practices.

  • User Management

    Manage your users by adding linking SKF to your favourite OIDC provider

  • Design Patterns

    We included the most used user-stories in SKF to get your team get started quickly implementing ASVS in your projects.

  • Support

    Find us on our Gitter channel to ask us anything about SKF and how to get yourself started.

Try the Online Demo

Running on Microsoft Azure Kubernetes Service (AKS)

SKF as a Service

Don't want the hassle of setting up and maintaining your own instance? No problem, we can provide SKF as a SaaS!

Contact us!

SKF as a Service

Supporters

Organisations & Companies who deserve our spotlight

  • OWASP

    From day 1 the SKF project was part of the OWASP organisation as we had the same mission and wanted to make impact in AppSec. As the world's largest non-profit organisation concerned with software security, OWASP: Supports the building of impactful projects; Develops & nurtures communities through events and chapter meetings worldwide; and. Provides educational publications & resources.

  • OpenSSF

    The SKF Project is part of the OpenSSF Working group: Best Practices for Open Source Developers. Our objective is to provide open source developers with best practices recommendations, and with an easy way to learn and apply them. Unlike other existing best practices list, we want it to be widely distributed to open source developers and community-sourced. And we want these practices to stick, thanks to an effective learning platform (Keeper).

  • ING

    Special mention to ING for spending significant hours into the SKF Project and the learning platform (Keeper) and fully supporting us in the SKF initiatives.

  • Microsoft

    Special mention to Microsoft for spending significant hours into the SKF Project and the learning platform (Keeper) and giving us the Azure Kubernetes platform to host the SKF instance.

  • Google

    We owe gratitude to Google and the amazing GSoC program they run, the SKF team is mentoring students for the past years and added tons of major improvements.

  • Personio

    We also want to call out Personio’s amazing work in helping the SKF Project grow and allowing it to reach new frontiers with AWS support, while propelling several other SKF initiatives.

Become a supporter!