OWASP Security Knowledge Framework

SKF Logo

Project status details:
Join the chat at https://gitter.im/Security-Knowledge-Framework/Lobby Join the chat at https://owasp.slack.com/messages/C0F7L9X6V OWASP Flagship OSSF Working group: Best Practices for Open Source Developers

Quality testing:
Build Travis CI Master Known Vulnerabilities Coverage Status Requirements Status

What is SKF?

Over 15 years of experience in web application security bundled into a single application. The Security Knowledge Framework is a vital asset to the coding toolkit of your development team. Use SKF to learn and integrate security by design in your web application.

SKF is an open source security knowledgebase including manageable projects with checklists and best practice code examples in multiple programming languages showing you how to prevent hackers gaining access and running exploits on your application.

In a nutshell

  • Training your developers in writing secure code
  • Security by design, early feedback of possible security issues
  • Code examples for secure coding guidance
  • Knowledge base items for deeper understanding of the security controls
  • Security labs to improve your verification skills
  • Machine learning chatbot for easy support


Glenn ten Cate

As a coder, hacker, speaker, trainer and security researcher employed at ING Belgium Glenn has over 15 years experience in the field of security. One of the founders of defensive development def[dev]eu a security training and conference series dedicated to helping you build and maintain secure software and also speaking at multiple other security conferences in the world. His goals is to create an open-source software development life cycle with the tools and knowledge gathered over the years.

Glenn ten Cate LinkedIn

Riccardo ten Cate

As a penetration tester from the Netherlands employed at Zerocopter Riccardo specialises in web-application security and has extensive knowledge in securing web applications in multiple coding languages.

Riccardo ten Cate LinkedIn


Contributors have contributed quality content and are logged in the GitHub repository. A Big thank you for their effort!


  • Glenn ten Cate
  • Riccardo ten Cate
  • Mattijs van Ommeren
  • Alexander Kaasjager
  • John Haley
  • Daniel Paulus
  • Erik de Kuijper
  • Roderick Schaefer
  • Jim Manico
  • Martijn Gijsberti Hodenpijl
  • Bithin Alangot
  • Martin Knobloch
  • Adam Fisher
  • Tom Wirschell
  • Joerg Stephan
  • Simon Brakhane
  • Gerco Grandia
  • Ross Nanopoulos
  • Bob van den Heuvel
  • Mariano Jose Abdala
  • Ilguiz Latypov
  • Laurence Keijmel
  • Rick Mitchell (Kingthorin)
  • Xenofon Vassilakopoulos
  • Heeraj Nair
  • Alpha Kitonga
  • Wojciech Reguła
  • Amadeusz Starzykiewicz
  • Adam Zima
  • Kacper Madej
  • Rafał Fronczyk
  • Chang Xu (Neo)
  • Martin Marsicano
  • Priyanka Jain
  • Chandrasekar Karthickrajan
  • Leena Bhegade
  • Balazs Hambalko
  • Rudy Truyens
  • Giulio Comi
  • Aniket Surwade
  • Thiago Luiz Dimbarre
  • Harshant Sharma
  • Lucas Luitjes
  • Semen Rozhkov
  • Mehtab Zafar
  • Daniel Spilsbury
  • Akash M
  • Tess Sluijter
  • Xavier Rene-Corail
  • David Wheeler

Project FAQ

If you have any questions about OWASP-SKF or issues when using or deploying then please join us in the Gitter or Slack chats that we are active on: Join the chat at https://gitter.im/Security-Knowledge-Framework/Lobby Join the chat at https://owasp.slack.com/messages/C0F7L9X6V

Also for dropping feedback and discussing improvements we are happily to have a discussion about it!

If I am not a programmer can I participate in your project?

Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. As we have knowledge base items 300+ that can use some editing OWASP-SKF Knowledge base items