PoC implementation of SecurityCAT
SecurityCAT (Compliance Automation Tool) is a tool meant to test requirements you've defined with SecurityRAT. Given that the implementation depends on your requirements, it's recommended to implement your own version of SecurityCAT. This PoC is testing 3 requirements from OWASP ASVS 3.0.1:
ASVS_3.0.1_10.10: Requirement 10.10 - Presence of HPKP headerASVS_3.0.1_10.11: Requirement 10.11 - Presence of HSTS headerASVS_3.0.1_10.12: Requirement 10.12 - Actived preloading for HSTS
- Installed Python libraries
pip install -r requirements.txt - Redis
- the
securityrat_urlvariable ingateway.pyset to the URL of your actual SecurityRAT instance
- Launch your Redis instance (local port 6379 is expected by default)
- CD into the directory
- Start Celery
celery worker -A gateway.celery --loglevel=info - Starting testing MS:
python3 ./microservice.py - Starting gateway:
python3 ./gateway.py