What is FrAppSec?

FrAppSec is an effort to fill the gap left by existing projects that deal with application security. It started because recurring themes that can be abstracted and reused were observed across application security initiatives.

It’s a blueprint for how things should be done in order to have a consistent end-to-end approach to application security. It provides the vocabulary, paradigms and documentation needed.


Creative Commons License
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.




To Do

The to-do list is managed via issues on GitHub.


  • 30.06.2017 - versioning removed. In a git environment with regular commits, the latest master branch is the one version of truth. Changes can be tracked and analyzed by anybody.
  • 2017.1 - 01.04.2017 - first release
  • 2016.0 - November 2016 - March 2017 - development of the framework, first round of reviews and changes

Version number convention

At a minimum, we aim for a yearly release cycle. Each release will be named after the release year followed by the ‘.’ character and the version number.

Example: 2016.1 (1st release of the year 2016), 2016.2 (2nd release of the year 2016), etc.

Exception: 2016.0 - the version number used during development