This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP Security Knowledge Framework

Revision as of 10:44, 15 March 2015 by Foobar (talk | contribs) (Project Resources)

Jump to: navigation, search
OWASP Project Header.jpg

Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.

OWASP Security Knowledge Framework Project

The OWASP Security Knowledge Framework Project is intended to be a tool used for building, verification and training.


It is an expert system web-application that uses OWASP Application Security Verification Standard. It support developers in pre-development (Security by design) It support developers after release of code (OWASP Checklist Level 1-3) Code-examples

Our experience taught us that the current level of security the current web-applications contain is not sufficient enough to ensure security. This is mainly because web-developers simpy aren't aware of the risks and dangers are lurking, waiting to be exploited by hackers.

Because of this we decided to develop a security tool in order to create a guide system available for all developers so they can develop applications secure by design.

The security knowledge framework is here to support developers create secure applications. By analysing proccessing techniques in which the developers use to edit their data the application can link these techniques to different known vulnerabilities and give the developer feedback regarding descriptions and solutions on how to properly implement these techniques in a safe manner.

The seccond stage of the application is validating if the developer properly implemented different types of defense mechanisms by means of different checklists such as the application security verification standards.

By means of the answers supplied by the developer the application again generates documentation in which it gives feedback on what defense mechanisms he forgot to implement and give him feedback regarding descriptions and solutions on how to properly implement these techniques in a safe manner.


This program is free software: you can redistribute it and/or modify it under the terms of the link GNU Affero General Public License 3.0 as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Project Resources


Guide's and tutorials:
http://securityknowledgeframework.comGuide's and tutorials

Online demo version:

Project Leaders

Glenn ten Cate
Riccardo ten Cate

Related Projects

This is where you can link to other OWASP Projects that are similar to yours.


Project Type Files TOOL.jpg
Incubator Project Owasp-builders-small.png
Affero General Public License 3.0

News and Events

This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.

Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. The point of a document like this are the answers. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'


The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project. Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project. Be sure to provide a link to a complete list of all the amazing people in your project's community as well.

Glenn ten Cate


The project is almost ready for the first Official release. In the future we want to do the following things:

Information/feedback gathering from users Design new layout for improved userbility Write new code examples Write new content for knowledge base Iterate old examples for improvement Hook code examples to knowledge-base items

Getting Involved

The goal is to deliver an web-application that is easy to set-up and can run on different OS. For this we chosen the Python Flask, this runs both on Windows as Linux and is easy to install.