OWASP Cheat Sheet Series


Our Goal

The OWASP Cheat Sheet Series (OCSS) was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics. We hope that the OWASP Cheat Sheet Series provides you with excellent security guidance in an easy to read format.

If you have any questions about the OWASP Cheat Sheet Series, please email the project leader Jim Manico, contact us on the project’s Slack channel, or on our Google Group (Slack is highly preferred over the Google Group).

The archives of the old mailing list can be consulted here.

Official Website

The official website where the cheat sheets are hosted is at https://cheatsheetseries.owasp.org.

Migration to GitHub

The project has been fully migrated to GitHub.

This page is used as the OWASP homepage of the project. All of the project’s content is hosted on the OCSS GitHub repository, and we work only from this repository; the wiki is no longer used.

The OCSS GitHub repository is used for the work on the cheat sheets, and the released ones are deployed on the official website.

So, from now on, only a GitHub account is needed to contribute :)

Bridge between the projects OWASP Proactive Controls, OWASP ASVS, and OWASP CSS

A work channel has been created between OWASP Proactive Controls (OPC), OWASP Application Security Verification Standard (OASVS), and OWASP Cheat Sheet Series (OCSS) using the following process:

  • When a Cheat Sheet is missing for a point in OPC/OASVS, the OCSS will handle the gap and create one. When the Cheat Sheet is ready, the reference is added by OPC/OASVS.
  • If a Cheat Sheet exists for an OPC/OASVS point but its content does not provide the expected help, the Cheat Sheet is updated to provide the required content.

This bridge was created to help the OCSS and OASVS projects by providing them with:

  • A consistent source for the requests regarding new Cheat Sheets.
  • A shared approach for updating existing Cheat Sheets.
  • A usage context for the Cheat Sheet and a quick source of feedback about the quality and the efficiency of the Cheat Sheet.

A request for a new Cheat Sheet (or for an update) does not have to come from OPC/OASVS; it is just an extra channel.

Requests from OPC/OASVS are flagged with a special label in the GitHub repository issues list in order to identify them and set them as a top-level priority.

Core Team

Contributors V1

Paweł Krawczyk, Mishra Dhiraj, Shruti Kulkarni, Torsten Gigler, Michael Coates, Jeff Williams, Dave Wichers, Kevin Wall, Jeffrey Walton, Eric Sheridan, Kevin Kenan, David Rook, Fred Donovan, Abraham Kang, Dave Ferguson, Shreeraj Shah, Raul Siles, Colin Watson, Neil Matatall, Zaur Molotnikov, Manideep Konakandla, Santhosh Tuppad and many more!

Contributors V2

GitHub Contributors Graph.