
SKF


The Security Knowledge Framework (SKF) is a training system that draws on various open source projects to support development teams and security architects in building secure applications.

Having been an OWASP flagship project for many years, the SKF is no longer within the OWASP organization. It will continue to be referenced in the OWASP Wayfinder and other OWASP projects because it is certainly a flagship project for any organization.

What is the Security Knowledge Framework?

The SKF is a web application that provides training and education for development teams. As their website puts it: "Training and guidance for doing AppSec right!"

For example, the SKF uses the OWASP Application Security Verification Standard (ASVS) with code examples to help developers in the pre-development and post-development phases, and to create applications that are secure by design.

The SKF provides training and guidance in several ways:

Note that the SKF is in the process of migrating to a new repository, so the download link may change.

Why use the SKF?

The SKF provides both learning courses and practice labs that are useful for development teams to practice secure coding skills.

The following learning courses are available (as of December 2023):

  • Developing Secure Software (LFD121)
  • Understanding the OWASP Top 10 Security Threats (SKF100)
  • Secure Software Development: Implementation (LFD105x)

and there are plans for more training courses. All of these courses (LFD121, SKF100 and LFD105x) are provided by the Linux Foundation.

In addition to the training courses, there is a wide range of practice labs (64 as of December 2023).

How to use the SKF

The easiest way to get started with the SKF training is to try the online demo. This will provide access to the practice labs, the training courses and also to the requirements tool.

Follow the documentation on installing and using the SKF.

The OWASP Spotlight series provides an overview of the SKF: 'Project 7 - Security Knowledge Framework (SKF)'.


The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.