A small tool to help developers understand a huge set of security requirements from appsec teams

SecurityEdge2/security-requirements-generator

About

Application Security requirements generator, based on ASVS, OWASP Testing guide and some experience :)

App homescreen

More about the problem

Many of you have seen the huge set of requirements from OWASP and watched developers' faces as the words poured in about such a big document. If not, you can find it here and try sharing it with your devs without preparing them first :)

What we did

  • Split the ASVS requirements by functionality
  • Added a function to mark some requirements as important (so your devs can start from those, for example)
  • Mapped requirements to tests
  • Shared it with you in this repository and on our subdomain

Now you can

  • Use our free tool online here
  • Use our free tool in your infrastructure (see instructions below)

And have a useful set of important and relevant requirements:

pdf

Clone

git clone https://github.com/Whitespots-OU/security-requirements-generator.git srg && \
cd srg

Deploy

Server

export BASE_URL=http://hostname.com
docker-compose up -d --build
docker-compose run back migrate
docker-compose run back loaddata
docker-compose run back collectstatic
docker-compose exec back ./manage.py create_super_user --username admin --password PASSWORD
open https://hostname.com/admin/  # to login and set your company name

Local

Back

  • create virtualenv & install requirements
cd back
pyenv virtualenv 3.9.0 srg_back
pyenv activate srg_back
pip install poetry
poetry install
  • set environment variables
export DEBUG=on
export ALLOWED_HOSTS=*
export BASE_URL=http://localhost:8000
export REDIS_DSN=redis://localhost:6379/0
export DB_USER=user
export DB_PASS=pass
export DB_HOST=localhost
export DB_NAME=srg
  • run pre-commit install from the command line
  • create the DB in pg market
  • add the envs from .env.dev
  • apply DB migrations: ./manage.py migrate
  • create a super user: ./manage.py create_super_user
  • run the local server: ./manage.py runserver
  • open the admin panel and log in as admin:admin
  • run make pre-commit before making a commit
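The local values above (DEBUG=on, ALLOWED_HOSTS=*, DB_PASS=pass, admin:admin) are convenient on a laptop but must not reach the server deployment. The following check is an added example, not code from this repository; it reads the variables named in this README and flags the ones that are unsafe for production. ADMIN_PASSWORD is an assumed variable name for the value passed to create_super_user, and the 12-character minimum is this example's own choice.

```python
import re
from typing import Dict, List

# Placeholder values that appear in the local setup steps; assumed list,
# not something the project defines.
WEAK_SECRETS = {"pass", "password", "admin", "PASSWORD", "changeme", ""}
TRUTHY = {"on", "1", "true", "yes"}


def check_deploy_env(env: Dict[str, str]) -> List[str]:
    """Return findings for a server deployment environment; empty means clean."""
    findings: List[str] = []

    # DEBUG=on is fine locally but exposes stack traces and settings on a server.
    if env.get("DEBUG", "off").strip().lower() in TRUTHY:
        findings.append("DEBUG is enabled; set DEBUG=off for the server deployment")

    # ALLOWED_HOSTS=* disables Django's Host header validation.
    hosts = [h.strip() for h in env.get("ALLOWED_HOSTS", "").split(",") if h.strip()]
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS is empty or '*'; list the real hostname(s)")

    # BASE_URL is used to build links to the app; it should be https and agree
    # with the hosts the app accepts.
    base = env.get("BASE_URL", "")
    m = re.match(r"^(https?)://([^/:]+)", base)
    if not m:
        findings.append("BASE_URL is missing or not an http(s) URL")
    else:
        scheme, host = m.group(1), m.group(2)
        if scheme != "https":
            findings.append("BASE_URL uses http; serve the admin panel over https")
        if "*" not in hosts and hosts and host not in hosts:
            findings.append(f"BASE_URL host {host!r} is not in ALLOWED_HOSTS")

    # Placeholder credentials from the local steps must not be reused.
    # ADMIN_PASSWORD is an assumed name for the create_super_user password.
    for var in ("DB_PASS", "ADMIN_PASSWORD"):
        value = env.get(var, "")
        if value in WEAK_SECRETS or len(value) < 12:
            findings.append(f"{var} is a placeholder or shorter than 12 characters")

    return findings


if __name__ == "__main__":
    import os
    for line in check_deploy_env(dict(os.environ)):
        print(line)
```

Run it in the shell where the export lines above were sourced; a non-empty output lists what to change before docker-compose up.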

Front

cd front
npm install
npm run serve
open http://localhost:8080
npm run build

Contributors

Development

@alex-deus - Did all these nice repositories with working code

Idea drivers

  • @sarosbacz - Noticed that requirements were mixed with tests, without categories
  • @httpnotonly - Brought everyone together

Hackers

  • @acrono - Gave us more requirements and tests
  • @a_ashwarya - Gave us more requirements and tests
