OWASP SecurityRAT

Tool mission

Simplify security requirement management during development using automation approaches.

Description

The core functionality of SecurityRAT (“Security Requirement Automation Tool”) can be described in the following steps:

  1. You tell SecurityRAT what kind of software artifact you’re going to develop or are already running.
  2. SecurityRAT tells you which requirements you should fulfill.
  3. You decide how you want to handle the desired requirements.
  4. You persist the artifact state in an issue tracker and create tickets for the requirements where an explicit action is necessary.
  5. Throughout the continuous development of the particular artifact, you respect the rules defined in SecurityRAT and document relevant changes in requirement compliance whenever appropriate.

The focus of SecurityRAT is on automation rather than on the requirements themselves. While we offer ASVS as an initial set of requirements to start with, we strongly recommend creating your own set of requirements that fits your company’s risk profile.

