
OWASP Web Security Testing Guide

Welcome to the official repository for the Open Web Application Security Project® (OWASP®) Web Security Testing Guide (WSTG). The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of security professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world. We are currently working on release version 5.0. You can read the current document here on GitHub. For the last stable release, check release 4.2. Also available online.

How To Reference WSTG Scenarios

Each scenario has an identifier in the format WSTG-<category>-<number>, where: 'category' is a 4-character upper-case string that identifies the type of test or weakness, and 'number' is a zero-padded numeric value from 01 to 99. For example: WSTG-INFO-02 is the second Information Gathering test.

The identifiers may change between versions. Therefore, it is preferable that other documents, reports, or tools use the format: WSTG-<version>-<category>-<number>, where: 'version' is the version tag with punctuation removed. For example: WSTG-v42-INFO-02 would be understood to mean specifically the second Information Gathering test from version 4.2.

If identifiers are used without including the <version> element, they should be assumed to refer to the latest Web Security Testing Guide content. As the guide grows and changes, this becomes problematic, which is why writers or developers should include the version element.
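As an added example (not part of the WSTG repository), the following Python parses both identifier formats described above, rejects anything outside the documented shape, and flags references in a report that omit the version element so they can be pinned. The sample report text and the `pin_version` / `find_unversioned` helper names are constructed for this illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Regex for the two documented identifier formats:
#   WSTG-<category>-<number>            e.g. WSTG-INFO-02
#   WSTG-<version>-<category>-<number>  e.g. WSTG-v42-INFO-02
# <version> is the version tag with punctuation removed (4.2 -> v42).
WSTG_ID = re.compile(
    r"\bWSTG-(?:(?P<version>v\d+)-)?(?P<category>[A-Z]{4})-(?P<number>\d{2})\b"
)


@dataclass(frozen=True)
class WstgRef:
    category: str
    number: int
    version: Optional[str]  # None when the identifier omits the version element

    @property
    def versioned(self) -> bool:
        return self.version is not None

    def __str__(self) -> str:
        prefix = "WSTG" if self.version is None else f"WSTG-{self.version}"
        return f"{prefix}-{self.category}-{self.number:02d}"


def parse_wstg_id(text: str) -> WstgRef:
    """Parse one identifier; raise ValueError if it is not in the documented format."""
    m = WSTG_ID.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a WSTG identifier: {text!r}")
    number = int(m["number"])
    if not 1 <= number <= 99:  # the README allows zero-padded values 01 to 99 only
        raise ValueError(f"number out of range in {text!r}")
    return WstgRef(m["category"], number, m["version"])


def is_valid_wstg_id(text: str) -> bool:
    try:
        parse_wstg_id(text)
        return True
    except ValueError:
        return False


def pin_version(ref: WstgRef, version: str) -> WstgRef:
    """Attach a version element (e.g. 'v42') to an unversioned reference; leave pinned ones alone."""
    return ref if ref.versioned else WstgRef(ref.category, ref.number, version)


def find_unversioned(report: str) -> list[str]:
    """Identifiers in free text that lack a version element and therefore float to the latest guide."""
    return [m.group(0) for m in WSTG_ID.finditer(report) if m["version"] is None]
```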

Linking

Linking to Web Security Testing Guide scenarios should be done using versioned links, not stable or latest links, which will change with time. However, it is the project team's intention that versioned links do not change. For example: https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.html. Note: the v42 element refers to version 4.2.

Contributions, Feature Requests, and Feedback

We are actively inviting new contributors! To start, read the contribution guide.

This project is only possible thanks to the work of many dedicated volunteers. Everyone is encouraged to help in ways large and small. Here are a few ways you can help:

To learn how to contribute successfully, read the contribution guide.

Chat With Us

We're easy to find on Slack:

  1. Join the OWASP Group Slack with this invitation link.
  2. Join this project's channel, #testing-guide.

Feel free to ask questions, suggest ideas, or share your best recipes.

You can @ us on Twitter @owasp_wstg.

You can also join our Google Group.