Security Knowledge Framework
Training developers in writing secure code

SKF is a fully open-source Python-Flask web-application that uses the OWASP Application Security Verification Standard to train you and your team in writing secure code, by design.

Major new release SKF

We are announcing that a new major release of SKF is ready!

Release date 27-09-2019 @OWASP AppSec Amsterdam

OWASP AppSec Amsterdam

We will give a presentation about the new SKF release and demo the new features.

Has SKF proven useful? You can donate to the project on our OWASP Wiki page.

Detect possible threats in your application

In pre-development, detect possible threats based on the processing functions of your application.

Run OWASP ASVS Checklists

Harden your application functions in post-development by running OWASP ASVS checklists, complete with feedback and solutions.

Learn about threats and vulnerabilities in the SKF knowledge base

An extensive library of common hacks and exploits. Learn the hacker mindset and keep your project secure.

Learn to code securely from best-practice code examples

An extensive library of code examples for a wide range of functions, beautifully commented.


We have set up a demo version where you can test the SKF Application. Check it out!



Getting started or need more information? Check out our documentation here.



Request support here in case our documentation is not sufficient.


What is SKF?

Over 15 years of experience in web application security bundled into a single application. The Security Knowledge Framework is a vital asset to the coding toolkit of you and your development team. Use SKF to learn and integrate security by design in your web application.

SKF is an open-source security knowledge base that includes manageable projects with checklists and best-practice code examples in multiple programming languages, showing you how to prevent hackers from gaining access and running exploits on your application.

In a nutshell

  • Training your developers in writing secure code
  • Security support pre-development (security by design, early feedback on possible security issues)
  • Security support post-development (double-check your code by means of the OWASP ASVS checklists)
  • Code examples for secure coding


Glenn ten Cate


As a coder, hacker, speaker, trainer and security researcher employed at ING Belgium, Glenn has over 15 years of experience in the field of security. He is one of the founders of defensive development def[dev]eu, a security training and conference series dedicated to helping you build and maintain secure software, and also speaks at multiple other security conferences around the world. His goal is to create an open-source software development life cycle with the tools and knowledge gathered over the years.

LinkedIn Profile

Riccardo ten Cate


As a penetration tester from the Netherlands employed at Zerocopter, Riccardo specialises in web-application security and has extensive knowledge of securing web applications in multiple coding languages.

LinkedIn Profile