OWASP Developer Guide

7.3 Security Knowledge Framework training

The Security Knowledge Framework (SKF) is an expert system application that uses various open source projects to support development teams and security architects in building secure applications. The SKF uses the OWASP Application Security Verification Standard (ASVS) with code examples to help developers, in both pre-development and post-development phases, create applications that are secure by design.

Having been an OWASP flagship project for many years, the SKF is no longer within the OWASP organization; it will continue to be referenced in the OWASP Wayfinder and other OWASP projects because it is certainly a flagship project for any organization.

What is the Security Knowledge Framework?

The SKF is a web application that is available from the GitHub repo. There is a demo version of SKF that is useful for exploring the multiple benefits of the SKF. Note that SKF is in the process of migrating to a new repository, so the download link may change.

The SKF provides training and guidance for application security:

Why use the SKF?

The SKF provides both learning courses and practice labs that are useful for development teams to practice secure coding skills.

The following learning courses are available (as of December 2023):

  • Developing Secure Software (LFD121)
  • Understanding the OWASP Top 10 Security Threats (SKF100)
  • Secure Software Development: Implementation (LFD105x)

and there are plans for more training courses. All of these courses (LFD121, SKF100 and LFD105x) are provided by the Linux Foundation.

In addition to the training courses there is a wide range of practice labs (64 as of December 2023).

How to use the SKF

The easiest way to get started with the SKF training is to try the online demo. This will provide access to the practice labs, the training courses and also to the requirements tool.
