OWASP Risk Assessment Framework

The OWASP Risk Assessment Framework

Repo Size Contributions Welcome

OWASP Incubator PRESENT PRESENT MIT license

The OWASP Risk Assessment Framework consist of Static application security testing, Risk Assessment tools, DAST Scanner tools, Eventhough there are many SAST & DAST tools available for testers, but the compatibility and the Environement setup process is complex. By using OWASP Risk Assessment Framework’s Static Appilication Security Testing tool Testers will be able to analyse and review their code quality and vulnerabilities without any additional setup. OWASP Risk Assessment Framework can be integrated in the DevSecOps toolchain to help developers to write and produce secure code.

Static Application security Testing

  • For more detailed information, refer to the user guide

    Demo RAF SAST Tool

Demo-1

Demo-2 __

At this time RAF has 2 tools is RAF Scanner IDE for SAST also DAST Scanner

RAF Scanner IDE
RAF DAST Scanner

Join Our Telegram Channel

https://t.me/joinchat/IjCM_BRrcPYPC3X0DZ4Rog

Slack Channel

#risk-assessment @ https://owasp.slack.com/


Risk Assessment Framework In Action : Demo RAF SAST Tool

Demo-1

Demo-2

RAF DAST Scanner

RAF DAST Youtube
RAF DAST Demo


LANDING PAGE/ HOME PAGE

Summarized results of your tests can be viewed from here

  • Using the left sidebar you will be able to navigate to other pages.
  • Mainly,
  • Total Scans
  • Vulnerabilities detected
  • Report count

Can be viewed

TOOLS PAGE

  • Tools page let you access the tools provided by the Risk Assessment Framework
  • Where you can upload your code to get the results.
  • Types of code upload,
  • Upload from local disk
  • Upload from repository

RAF DAST Scanner

  • Can scan IP/Website
  • Scan scheduler
  • generate report
  • scan by agent based scanning
  • scan by cve also port scan