GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects β†’ blabla1337 β†’ Skf Flask

blabla1337 / Skf Flask

Licence: agpl-3.0
Security Knowledge Framework (SKF) Python Flask / Angular project

Labels

htmlsecuritysecurity-auditsecurity-hardeningsecure-by-default

Projects that are alternatives of or similar to Skf Flask

Hardentheworld
Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.
Stars: ✭ 158 (-72.43%)
Mutual labels:  security-audit, security-hardening, secure-by-default
Rails Security Checklist
πŸ”‘ Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)
Stars: ✭ 1,265 (+120.77%)
Mutual labels:  security-audit, security-hardening
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+1494.59%)
Mutual labels:  security-audit, security-hardening
Btle Sniffer
Passively scan for Bluetooth Low Energy devices and attempt to fingerprint them
Stars: ✭ 87 (-84.82%)
Mutual labels:  security-audit, security-hardening
Marsnake
System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems
Stars: ✭ 16 (-97.21%)
Mutual labels:  security-audit, security-hardening
Audit scripts
Scripts to gather system configuration information for offline/remote auditing
Stars: ✭ 55 (-90.4%)
Mutual labels:  security-audit, security-hardening
Golang Tls
Simple Golang HTTPS/TLS Examples
Stars: ✭ 857 (+49.56%)
Mutual labels:  security-audit, security-hardening
ad-privileged-audit
Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-92.67%)
Mutual labels:  security-audit, security-hardening
assimilation-official
This is the official main repository for the Assimilation project
Stars: ✭ 47 (-91.8%)
Mutual labels:  security-audit, security-hardening
nerfball
Want to see how something like Internet Chemotherapy works without bricking your own vms? This is a jail to reduce the python runtime from doing bad things on the host when running untrusted code. Nerf what you do not need πŸ‘Ύ + πŸ› ⚽ 🏈 🐳
Stars: ✭ 19 (-96.68%)
Mutual labels:  security-audit, security-hardening
Vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+1443.46%)
Mutual labels:  security-audit, security-hardening
Electriceye
Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.
Stars: ✭ 255 (-55.5%)
Mutual labels:  security-audit, security-hardening
prowler
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+1304.19%)
Mutual labels:  security-audit, security-hardening
awesome-rails-security
A curated list of security resources for a Ruby on Rails application
Stars: ✭ 36 (-93.72%)
Mutual labels:  security-audit, security-hardening
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+695.99%)
Mutual labels:  security-audit, security-hardening
Xss Listener
πŸ•·οΈ XSS Listener is a penetration tool for easy to steal data with various XSS.
Stars: ✭ 414 (-27.75%)
Mutual labels:  security-hardening
Dradis Ce
Dradis Framework: Colllaboration and reporting for IT Security teams
Stars: ✭ 443 (-22.69%)
Mutual labels:  security-audit
Hellraiser
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (-27.92%)
Mutual labels:  security-audit
Archstrike
An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.
Stars: ✭ 401 (-30.02%)
Mutual labels:  security-audit
Attacking And Auditing Docker Containers And Kubernetes Clusters
Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters
Stars: ✭ 509 (-11.17%)
Mutual labels:  security-audit
View All Similar Projects βž”

OWASP Security Knowledge Framework

SKF Logo


Project status details:
Join the chat at https://gitter.im/Security-Knowledge-Framework/Lobby Join the chat at https://owasp.slack.com/messages/C0F7L9X6V OWASP Flagship OSSF Working group: Best Practices for Open Source Developers


Quality testing:
Build Travis CI Master Known Vulnerabilities Coverage Status Requirements Status

Security Knowledge Framework is an expert system application that uses the OWASP Application Security Verification Standard with detailed code examples (secure coding principles) to help developers in pre-development and post-development phases and create applications that are secure by design.

Table of Contents

Introduction

Our experience taught us that the current level of security of web-applications is not sufficient enough to ensure security. This is mainly because web-developers simply aren't aware of the risks and dangers that are lurking, waiting to be exploited by hackers.

Because of this we decided to develop a framework in order to create a guide-system available for all developers so they can develop applications secure by design from the start.

The OWASP Security Knowledge Framework is here to support developers in creating secure applications. By using the OWASP Application Security Verification Standards. as a security requirement and give the developer feedback regarding descriptions and solutions on how to properly implement these security controls in a safe manner.

The second stage is validating if the developer properly implemented different security controls and the belonging defence mechanisms by means of checklists created with the OWASP Application Security Verification Standards. By means of the answers supplied by the developer the application again generates documentation in which it gives feedback on what defence mechanisms the developer forgot to implement and gives him feedback regarding descriptions and solutions on how to properly implement these techniques in a safe manner.

Installing

Kubernetes installation how to

Bare metal / on premise installation how to

Docker-compose local how to

SKF K8s Raspberry pi cluster how to

SKF Chatbot installation how to

Updating Database

There is a method available to update the content of the SKF application.

When you have modified or created new Knowledge base items, code examples or checklist you need to run the following commands in the SKF root directory:

export FLASK_APP=skf/app.py
export PYTHONPATH=.:$PYTHONPATH
flask updatedb

Updating chatbot

There is a method available to update the dataset of the SKF chatbot application.

When you have modified or created new Knowledge base items, code examples or checklist you need to run the following commands in the SKF root directory:

export FLASK_APP=skf/app.py
export PYTHONPATH=.:$PYTHONPATH
flask initdataset

Usage

For more detailed information such as setting up an admin account and user guides please see the extended documentation that can be found below:

Readme: extended documentation

CI-Pipeline

Travis-ci.org:

Test and Deploy with Confidence. Easily sync your GitHub projects with Travis CI and you'll be testing your code in minutes!
SKF Build details:

https://travis-ci.org/blabla1337/skf-flask

Coveralls.io Python:

DELIVER BETTER CODE. We help developers deliver code confidently by showing which parts of your code aren't covered by your test suite.
SKF Coveralls details:

https://coveralls.io/r/blabla1337/skf-flask

codecov.io for Angular:

Code coverage done right. Highly integrated with GitHub, Bitbucket and GitLab.
SKF codecov details:

https://codecov.io/gh/blabla1337/skf-flask

Bithound.io NPM packages:

BitHound provides your Node team with comprehensive and prioritized issues in your code and npm packages.
SKF Bithound details:

https://www.bithound.io/github/blabla1337/skf-flask

Requires.io pip packages:

Stay Up-to-date! Stay secure! Requires.io monitors your Python projects dependencies, and notify you whenever any of your dependency is out-of-date.
SKF Requires details:

https://requires.io/github/blabla1337/skf-flask/requirements/

Black Duck Security Risk:

Announcing Black Duck CoPilot, a new service helping open source project teams catalog and report on their project's dependencies.
SKF Requires details:

https://copilot.blackducksoftware.com/github/groups/blabla1337/locations/skf-flask/public/results

uptimerobot.com:

Monitor HTTP(s), Ping, Port and check Keywords. Get alerted via e-mail, SMS, Twitter, web-hooks or push. View uptime, downtime and response times.

ssllabs.com & sslbadge.org:

ssllabs.org:
Bringing you the best SSL/TLS and PKI testing tools and documentation.

sslbadge.org:
Creates a nice badge for your website SSL/TLS security settings based on the Qualys SSL Labs testing.

SSL Rating

License

Copyright (C) 2021  Glenn ten Cate, Riccardo ten Cate

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

OWASP:

Contributors

  • Glenn ten Cate
  • Riccardo ten Cate
  • Mattijs van Ommeren
  • Alexander Kaasjager
  • John Haley
  • Daniel Paulus
  • Erik de Kuijper
  • Roderick Schaefer
  • Jim Manico
  • Martijn Gijsberti Hodenpijl
  • Bithin Alangot
  • Martin Knobloch
  • Adam Fisher
  • Tom Wirschell
  • Joerg Stephan
  • Simon Brakhane
  • Gerco Grandia
  • Ross Nanopoulos
  • Bob van den Heuvel
  • Mariano Jose Abdala
  • Ilguiz Latypov
  • Laurence Keijmel
  • Rick Mitchell (Kingthorin)
  • Xenofon Vassilakopoulos
  • Heeraj Nair
  • Alpha Kitonga
  • Wojciech ReguΕ‚a
  • Amadeusz Starzykiewicz
  • Adam Zima
  • Kacper Madej
  • RafaΕ‚ Fronczyk
  • Chang Xu (Neo)
  • Martin Marsicano
  • Priyanka Jain
  • Chandrasekar Karthickrajan
  • Leena Bhegade
  • Balazs Hambalko
  • Rudy Truyens
  • Giulio Comi
  • Aniket Surwade
  • Thiago Luiz Dimbarre
  • Harshant Sharma
  • Lucas Luitjes
  • Semen Rozhkov
  • Mehtab Zafar
  • Daniel Spilsbury
  • Akash M
  • Tess Sluijter
  • Xavier Rene-Corail
  • David Wheeler
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].