{"_id":"554e5ea00f31e40d0028e814","version":{"_id":"553aa3050074c80d00621c36","__v":6,"project":"553aa3050074c80d00621c33","createdAt":"2015-04-24T20:09:41.956Z","releaseDate":"2015-04-24T20:09:41.955Z","categories":["553aa3060074c80d00621c37","554dd8d10f31e40d0028e7a2","554ddd802432590d00bd511a","569784c469393517000c8315","569784ce3503e40d0061f40e","59685ebf456d69001568a933"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"user":"553aa28b9a32920d0086714a","__v":5,"category":{"_id":"553aa3060074c80d00621c37","__v":8,"project":"553aa3050074c80d00621c33","pages":["553aa3070074c80d00621c39","554dd7680f31e40d0028e79f","554dd7882432590d00bd5106","554dd79fbe34a70d00037873","554dd7d02432590d00bd5108","554dd7e2be34a70d00037876","554dd8b6be34a70d0003787a","554e5ea00f31e40d0028e814"],"version":"553aa3050074c80d00621c36","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-04-24T20:09:42.471Z","from_sync":false,"order":1,"slug":"setup","title":"Setup"},"project":"553aa3050074c80d00621c33","parentDoc":null,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-05-09T19:23:12.550Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":0,"body":"Security Knowledge Framework is an expert system application that uses the OWASP Application Security Verification Standard with detailed code examples (secure coding principles) to help developers in pre-development and post-development phases and create applications that are secure by design.\n\nOur experience taught us that the current level of security of web-applications is not sufficient enough to ensure security. This is mainly because web-developers simply aren't aware of the risks and dangers that are lurking, waiting to be exploited by hackers.\n\nBecause of this we decided to develop a framework in order to create a guide-system available for all developers so they can develop applications secure by design from the start.\n\nThe OWASP Security Knowledge Framework is here to support developers create secure applications. By using the [OWASP Application Security Verification Standards.](https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project) as a security requirement and give the developer feedback regarding descriptions and solutions on how to properly implement these security controls in a safe manner.\n\nThe second stage is validating if the developer properly implemented different security controls and the belonging defence mechanisms by means of checklists created with the [OWASP Application Security Verification Standards.](https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project) By means of the answers supplied by the developer the application again generates documentation in which it gives feedback on what defence mechanisms the developer forgot to implement and give him feedback regarding descriptions and solutions on how to properly implement these techniques in a safe manner.\n[block:callout]\n{\n  \"type\": \"info\",\n  \"body\": \"Copyright (C) 2017  Glenn ten Cate, Riccardo ten Cate\\n\\nThis program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\\n\\nThis program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.\\n\\nYou should have received a copy of the GNU Affero General Public License along with this program.  If not, see <http://www.gnu.org/licenses/>.\",\n  \"title\": \"License\"\n}\n[/block]","excerpt":"","slug":"introduction","type":"basic","title":"Introduction"}
Security Knowledge Framework is an expert system application that uses the OWASP Application Security Verification Standard with detailed code examples (secure coding principles) to help developers in pre-development and post-development phases and create applications that are secure by design. Our experience taught us that the current level of security of web-applications is not sufficient enough to ensure security. This is mainly because web-developers simply aren't aware of the risks and dangers that are lurking, waiting to be exploited by hackers. Because of this we decided to develop a framework in order to create a guide-system available for all developers so they can develop applications secure by design from the start. The OWASP Security Knowledge Framework is here to support developers create secure applications. By using the [OWASP Application Security Verification Standards.](https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project) as a security requirement and give the developer feedback regarding descriptions and solutions on how to properly implement these security controls in a safe manner. The second stage is validating if the developer properly implemented different security controls and the belonging defence mechanisms by means of checklists created with the [OWASP Application Security Verification Standards.](https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project) By means of the answers supplied by the developer the application again generates documentation in which it gives feedback on what defence mechanisms the developer forgot to implement and give him feedback regarding descriptions and solutions on how to properly implement these techniques in a safe manner. [block:callout] { "type": "info", "body": "Copyright (C) 2017 Glenn ten Cate, Riccardo ten Cate\n\nThis program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\n\nThis program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.\n\nYou should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.", "title": "License" } [/block]