Skip to content

timgrossmann/SecurityCAT-PoC

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

gateway.py

gateway.py

 
 

microservice.py

microservice.py

 
 

Repository files navigation

SecurityCAT-PoC

PoC implementation of SecurityCAT

SecurityCAT (Compliance Automation Tool) is a tool meant to test requirements you've defined with SecurityRAT. Given that the implementation depends on your requirements, it's recommended to implement your own version of SecurityCAT. This PoC is testing 3 requirements from OWASP ASVS 3.0.1:

  • ASVS_3.0.1_10.10: Requirement 10.10 - Presence of HPKP header
  • ASVS_3.0.1_10.11: Requirement 10.11 - Presence of HSTS header
  • ASVS_3.0.1_10.12: Requirement 10.12 - Actived preloading for HSTS

Prerequisities

  • Redis
  • Python libraries stated in gateway.py and microservice.py
  • the securityrat_url variable in gateway.py set to the URL of your actual SecurityRAT instance

How to launch

  1. Launch your Redis instance (local port 6379 is expected by default)
  2. CD into the directory
  3. Start Celery celery worker -A gateway.celery --loglevel=info
  4. Starting testing MS: python3 ./microservice.py
  5. Starting gateway: python3 ./gateway.py

About

PoC implementation of SecurityCAT

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%