The OWASP Security Knowledge Framework is an expert system web-application that uses the OWASP Application Security Verification Standard and other resources. It can be used to support developers in pre-development (security by design) as well as after code is released (OWASP ASVS Level 1-3).
Detect possible threats in your application
In pre-development detect possible threats based on the processing functions on your application.Run OWASP ASVS Checklists
Harden your application functions in post-development by running OWASP ASVS checklists, complete with feedback and solutions.Learn about threats and vulnerabilities in the SKF knowledge base
An extensive library of common hacks and exploits, learn the hacker mindset and keep your project secure.Learn to code secure from best practice code examples
An extensive library of code examples for a wide range of functions, beautifully commented.Project Online Demo
username: admin password: test-skfProject website:
