The Application Security Assessment Assistant

Project description

asaa

The Application Security Assessment Assistant.

Description

asaa helps you evaluate the security posture of your application by chatting with an AI assistant and answering a series of questions. At the end of the assessment asaa will give you a score and possibly some recommendations for improving your app's security posture.

At the core of asaa is a questionnaire represented as a state machine. The series of questions is determined by the answers given; questions that are not relevant based on the answers previously given are not asked. When all answers are provided, the state machine can provide a score (based on a predetermined weighting for each possible answer), and a list of the (up to) 3 questions where an improvement would have the biggest impact on the overall score.

asaa uses the ChatGPT Assistants API to provide a conversational interface on top of this state machine. The ChatGPT assistant has access to functions that allow it to fetch the next question to ask, record answers, and retrieve the score and the top questions for improvement.
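The questionnaire state machine and the three assistant-facing functions described above, as an added sketch that is not asaa's own code. The question ids, texts, weights, the percentage normalisation and the "gap to best answer" ranking are all assumptions made for illustration; rejecting answers outside the allowed set is how this sketch keeps the model's free-form output out of the score.

```python
# Added illustration: question ids, texts and weights are all hypothetical.
# Each answer maps to (weight, id of the next question or None when done).
QUESTIONS = {
    "auth": ("Does the app authenticate users?",
             {"yes": (5, "mfa"), "no": (0, "tls")}),
    "mfa": ("Who must use MFA?",
            {"all users": (10, "tls"), "admins only": (5, "tls"), "nobody": (0, "tls")}),
    "tls": ("Where is TLS enforced?",
            {"everywhere": (10, "deps"), "external only": (6, "deps"), "nowhere": (0, "deps")}),
    "deps": ("How are dependencies scanned?",
             {"in CI": (10, None), "manually": (4, None), "never": (0, None)}),
}


class Assessment:
    def __init__(self, questions=QUESTIONS, start="auth"):
        self.questions, self.current, self.answers = questions, start, {}

    def next_question(self):
        """Return (id, text, allowed answers), or None once finished."""
        if self.current is None:
            return None
        text, options = self.questions[self.current]
        return self.current, text, sorted(options)

    def record_answer(self, answer):
        """Accept only a listed answer; the caller (an LLM) is untrusted."""
        if self.current is None:
            raise RuntimeError("assessment already complete")
        options = self.questions[self.current][1]
        if answer not in options:
            raise ValueError(f"{answer!r} is not valid for {self.current!r}")
        self.answers[self.current] = answer
        self.current = options[answer][1]  # transition; may skip questions

    def _earned_and_best(self, qid):
        options = self.questions[qid][1]
        return options[self.answers[qid]][0], max(w for w, _ in options.values())

    def score(self):
        """Percentage of achievable weight over the questions actually asked."""
        if self.current is not None:
            raise RuntimeError("assessment not finished")
        pairs = [self._earned_and_best(q) for q in self.answers]
        return round(100 * sum(e for e, _ in pairs) / sum(b for _, b in pairs))

    def top_improvements(self, n=3):
        """Up to n answered questions with the largest gap to their best answer."""
        gaps = {q: b - e for q in self.answers for e, b in [self._earned_and_best(q)]}
        return [q for q in sorted(gaps, key=gaps.get, reverse=True) if gaps[q] > 0][:n]
```
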

Getting started

You will need an OpenAI API key to run asaa. This needs to be set as an environment variable (I recommend using direnv):

export OPENAI_API_KEY=<YOUR-KEY-HERE>

You can also set the model to use:

export ASAA_OPENAI_MODEL="gpt-4-turbo"

The default is gpt-3.5-turbo.

I recommend installing into a virtualenv:

python -mvenv .venv
source .venv/bin/activate

Install using pip:

pip install -r requirements.txt

This installs the asaa CLI. To start an assessment:

asaa start

Download files

Source Distribution

asaa-0.1.2.tar.gz (7.2 kB)

Uploaded Source

Built Distribution

asaa-0.1.2-py3-none-any.whl (7.8 kB)

Uploaded Python 3

File details

Details for the file asaa-0.1.2.tar.gz.

File metadata

  • Download URL: asaa-0.1.2.tar.gz
  • Upload date:
  • Size: 7.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.0.0 CPython/3.12.3

File hashes

Hashes for asaa-0.1.2.tar.gz
Algorithm Hash digest
SHA256 d1f64a7b35ac33e6ddb994eb4b9f0996e29068be63fb6aca350f236b7e0857f7
MD5 f1315944efcb42f8937d2da52a8e538d
BLAKE2b-256 8cd44df1b40f6803a9028d166789d9e20753fe3ec11145f1e28d02cda1f786a0

File details

Details for the file asaa-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: asaa-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 7.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.0.0 CPython/3.12.3

File hashes

Hashes for asaa-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 486ae2686ea53450aee8fc01bfd2f4a7ab8d1d78a70d4e74beb5d229ceb4d6ac
MD5 2750fce48852980a8adbf1fd03b356ef
BLAKE2b-256 62cca77c39f777e5e7bf45efc6583bfc668396007d97b1c58bef449669182ce0
