Create projects in SKF and start gathering requirements for your features/sprints
An extensive library of common hacks, exploits, and best practices. Learn the hacker mindset and keep your project secure..
Out of the box SKF comes with ASVS and MASVS included.
Train your secure coding & hacking skills with over 150+ interactive labs that you can run locally or trough the SKF UI in your Kubernetes cluster.
All requirements are correlated to knowledgebase items to give you more in depth information about attack vectors, impact, mitigation and best practices.
Manage your users by adding linking SKF to your favourite OIDC provider
We included the most used user-stories in SKF to get your team get started quickly implementing ASVS in your projects.
Find us on our Gitter channel to ask us anything about SKF and how to get yourself started.
First time users should start here. Instructions on how to install, and troubleshooting.
We encourage you to contribute to SKF, feel free to fork the project on Github.
We are very active in the SKF Gitter chat. We look forward to welcome you!
Need help with anything not covered in the docs? Feel free to post your issue.
All financial contributions directly support future development and features of SKF.
Security knowledge framework is licensed under the GNU 3.0 licence
From day 1 the SKF project was part of the OWASP organisation as we had the same mission and wanted to make impact in AppSec. As the world's largest non-profit organisation concerned with software security, OWASP: Supports the building of impactful projects; Develops & nurtures communities through events and chapter meetings worldwide; and. Provides educational publications & resources.
The SKF Project is part of the OpenSSF Working group: Best Practices for Open Source Developers. Our objective is to provide open source developers with best practices recommendations, and with an easy way to learn and apply them. Unlike other existing best practices list, we want it to be widely distributed to open source developers and community-sourced. And we want these practices to stick, thanks to an effective learning platform (Keeper).
Special mention to ING for spending significant hours into the SKF Project and the learning platform (Keeper) and fully supporting us in the SKF initiatives.
Special mention to Microsoft for spending significant hours into the SKF Project and the learning platform (Keeper) and giving us the Azure Kubernetes platform to host the SKF instance.
We owe gratitude to Google and the amazing GSoC program they run, the SKF team is mentoring students for the past years and added tons of major improvements.
We also want to call out Personio’s amazing work in helping the SKF Project grow and allowing it to reach new frontiers with AWS support, while propelling several other SKF initiatives.
The project provides a basis for testing web application and also provides developers with a list of requirements for secure development.
The project provides a basis for testing mobile application and also provides developers with a list of requirements for secure development.
The project was created to provide a set of simple good practice guides for application developers and defenders to follow.
OWASP Juice Shop is probably the most modern and sophisticated insecure web application to train your AppSec skills!
The premier cybersecurity testing document resource for web application developers and security professionals.
OWASP ZAP is an open-source web application security scanner, this can't be missing in your security toolkit!
The OWASP Top 10 is a standard awareness document for developers and web application security.
The Open Source Security Foundation has developed a trio of free courses 'Secure Software Development Fundamentals' on how to develop secure software.