OWASP Cheat Sheet Series

OWASP Flagship Cheat Sheet Series Github Stars CSCounterBadge LicenseBadge

Our Goal

The OWASP Cheat Sheet Series was created to provide a set of simple good practice guides for application developers and defenders to follow. Rather than focused on detailed best practices that are impractical for many developers and applications, they are intended to provide good practices that the majority of developers will actually be able to implement.

The cheat sheets are available on the main website at https://cheatsheetseries.owasp.org.

If you wish to contribute to the cheat sheets, or to suggest any improvements or changes, then please do so via the issue tracker on the GitHub repository. Alternatively, join us in the #cheetsheats channel on the OWASP Slack (details in the sidebar).

Bridge between the projects OWASP Proactive Controls, OWASP ASVS, and OWASP CSS

A work channel has been created between OWASP Proactive Controls (OPC), OWASP Application Security Verification Standard (ASVS), and OWASP Cheat Sheet Series (OCSS) using the following process:

  • When a Cheat Sheet is missing for a point in OPC/ASVS, then the OCSS will handle the missing and create one. When the Cheat Sheet is ready, then the reference is added by OPC/ASVS.
  • If a Cheat Sheet exists for an OPC/ASVS point but the content do not provide the expected help then the Cheat Sheet is updated to provide the required content.

The reason of the creation of this bridge is to help OCSS and ASVS projects by providing them:

  • A consistent source for the requests regarding new Cheat Sheets.
  • A shared approach for updating existing Cheat Sheets.
  • A usage context for the Cheat Sheet and a quick source of feedback about the quality and the efficiency of the Cheat Sheet.

It is not mandatory that a request for a new Cheat Sheet (or for an update) comes only from OPC/ASVS, it is just an extra channel.

Requests from OPC/ASVS are flagged with a special label in the GitHub repository issues list in order to identify them and set them as a top level priority.

Project Leaders

Core Team

Contributors V1

Paweł Krawczyk, Mishra Dhiraj, Shruti Kulkarni, Torsten Gigler, Michael Coates, Jeff Williams, Dave Wichers, Kevin Wall, Jeffrey Walton, Eric Sheridan, Kevin Kenan, David Rook, Fred Donovan, Abraham Kang, Dave Ferguson, Shreeraj Shah, Raul Siles, Colin Watson, Neil Matatall, Zaur Molotnikov, Manideep Konakandla, Santhosh Tuppad and many more!

Contributors V2

GitHub Contributors Graph.