The OWASP Web Security Testing Guide includes a “best practice” penetration testing framework which users can implement in their own organizations and a “low level” penetration testing guide that describes techniques for testing most common web application and web service security issues.
|size (curr.)||6453 kB|
|license||Creative Commons Attribution Share Alike 4.0 International|
OWASP Web Security Testing Guide
Welcome to the official repository for the Open Web Application Security Project (OWASP) Web Security Testing Guide (WSTG). The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of security professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.
We are currently working on release version 5.0. You can read the current document here on GitHub.
For the last stable release, view the previous version 4.0.
- OWASP Web Security Testing Guide
Contributions, Feature Requests, and Feedback
We are actively inviting new contributors! To start, read the contribution guide.
This project is only possible thanks to the work of many dedicated volunteers. Everyone is encouraged to help in ways large and small. Here are a few ways you can help:
- Read the current content and help us fix any spelling mistakes or grammatical errors.
- Choose an existing issue and submit a pull request to fix it.
- Open a new issue to report an opportunity for improvement.
To learn how to contribute successfully, read the contribution guide.
Successful contributors appear on the project’s list of authors, reviewers, or editors.
Chat With Us
We’re easy to find on Slack:
Feel free to ask questions, suggest ideas, or share your best recipes.
You can @ us on Twitter @owasp_wstg.
You can also join our Google Group.