Training developers in writing secure code

SKF is a fully open-source Python-Flask web-application that uses the OWASP Application Security Verification Standard to train you and your team in writing secure code, by design.

SKF in your SDLC

Discover where the Security Knowledge Framework can be implemented in your team's Software Development Life Cycle.

  • Requirements
    • Define your project's requirements or create your own scope of requirements. Out of the box, SKF comes with ASVS and MASVS checklists and expert systems included.
  • Design
    • Detect possible threats based on the processing functions in your application. Use SKF to define security acceptance criteria for your features, so your developers know from the get-go how to mitigate risks.
  • Coding
    • An extensive library of common hacks, exploits, and best practices. Learn the hacker mindset and keep your project secure.
  • Testing
    • All requirements come with Knowledge Base items and references to the OWASP cheat sheet / OWASP testing guide series. SKF also gives recommendations on tooling that can be used to automate testing of your requirements.
  • Culture Building
    • Invite team members, work together, and spread a security-first mindset.
  • Training
    • An extensive library of code examples and interactive labs for a wide range of functions, beautifully commented.
  • Metrics
    • Keep track of open and closed security issues in your project.

SKF Features

Secure coding starts here.

  • Projects

    Create projects in SKF and start gathering requirements for your features/sprints.

  • Code Examples

    An extensive library of common hacks, exploits, and best practices. Learn the hacker mindset and keep your project secure.

  • Checklists

    Out of the box, SKF comes with ASVS and MASVS included.

  • Labs

    Train your hacking skills with 50+ interactive labs that you can run locally or through the SKF UI in your Kubernetes cluster.

  • Knowledge Base

    All requirements are correlated to Knowledge Base items to give you more in-depth information about attack vectors, impact, mitigation and best practices.

  • User Management

    Manage your users by linking SKF to your favourite OIDC provider.

  • Design Patterns

    We included the most used user stories in SKF to get your team started quickly implementing ASVS in your projects.

  • Support

    Find us on our Gitter channel to ask us anything about SKF and how to get yourself started.

Try the Online Demo

Running on Raspberry Pi

  • Username: admin
  • Password: test-skf

SKF as a Service

Don't want the hassle of setting up and maintaining your own instance? No problem, we can provide SKF as a SaaS!

Contact us!
