| layout | title | tags | project | level | type | pitch |
|---|---|---|---|---|---|---|
col-sidebar |
OWASP SecurityRAT |
securityrat |
true |
2 |
tool |
OWASP SecurityRAT is a tool used by development teams, helping them master security requirements during development. |
Simplify security requirement management during development using automation approaches.
The core functionality of SecurityRAT ("Security Requirement Automation Tool") can be described in the following steps:
- You tell SecurityRAT what kind of a software artifact you're going to develop / are running
- SecurityRAT tells you which requirements you should fulfill.
- You decide how you want to handle the desired requirements.
- You persist the the artifact state in an issue tracker and create tickets for the requirements where an explicit action is necessary
- Throughout the continuous development of the particular artifact, you respect the rules defined in SecurityRAT and document relevant changes in requirement compliance whenever appropriate.
Focus of SecurityRAT is put on automation rather then the requirements. While we offer ASVS as an initial set of requirements which you can start with, we strongly recommended to create your own set of requirements which fits your company risk profile.
You can try out SecurityRAT at https://securityrat.org
Username: demo
Pasword: SecurityRATdemo10!
You can also play around with changing the requirements, the database is reset every 24 hours.