Secure coding is the first line of Cyber-Defense against malicious attacks. The Consulting team of TwelveSec, ever committed to helping the IT community mitigate cyber risks, has developed Java snippets and contributed them to the Security Knowledge Framework (SKF) of OWASP.
Our consultant Vassilakopoulos Xenofon, who has been acknowledged as an official contributor to the OWASP Security Knowledge Framework, developed the Java snippets to include OWASP ASVS requirements.
The Java snippets can be found on the GitHub page of the Security Knowledge Framework.
The OWASP Security Knowledge Framework is a Cyber-Defense tool developed by the OWASP Foundation that is used as a guide for building and verifying secure software. It can also be used to train developers in application security. Education is the first step in the Secure Software Development Lifecycle.
The core usage of SKF includes:
- Security requirements (OWASP ASVS) for development and for third-party vendor applications
- Security knowledge reference (Code examples/ Knowledge Base items)
- Security is part of design with the pre-development functionality in SKF
- Use SKF to gather the right security requirements for your projects
- SKF then gives extensive knowledge base items that correlate to the security requirements
- Developers can close “tickets” and leave an audit trail to determine possible technical debt or improvements
- Security specialists can follow the “tickets” and audit trail, verify or fail closed items, and provide feedback.