PoC implementation of SecurityCAT
SecurityCAT (Compliance Automation Tool) is a tool meant to test requirements you've defined with SecurityRAT. Given that the implementation depends on your requirements, it's recommended to implement your own version of SecurityCAT. This PoC is testing 3 requirements from OWASP ASVS 3.0.1:
ASVS_3.0.1_10.10
: Requirement 10.10 - Presence of HPKP headerASVS_3.0.1_10.11
: Requirement 10.11 - Presence of HSTS headerASVS_3.0.1_10.12
: Requirement 10.12 - Actived preloading for HSTS
- Installed Python libraries
pip install -r requirements.txt
- Redis
- the
securityrat_url
variable ingateway.py
set to the URL of your actual SecurityRAT instance
- Launch your Redis instance (local port 6379 is expected by default)
- CD into the directory
- Start Celery
celery worker -A gateway.celery --loglevel=info
- Starting testing MS:
python3 ./microservice.py
- Starting gateway:
python3 ./gateway.py