OWASP Developer Guide

Cheat Sheet Series

5.1.3 Cheat Sheet Series

The OWASP Cheat Sheet Series provide a concise collection of high value information on a wide range of specific application security topics. The cheat sheets have been created by a community of application security professionals who have expertise in each specific topic.

The Cheat Sheet Series documentation project is an OWASP Flagship Project which is constantly being kept up to date.

What are the Cheat Sheets?

The OWASP Cheat Sheets are a common body of knowledge created by the software security community for a wide audience that is not confined to the security community.

The Cheat Sheets are a series of self contained articles written by the security community on a specific subject within the security domain. The range of topics covered by the cheat sheets is wide, almost from A to Z: from AJAX Security to XS (Cross Site) vulnerabilities. Each cheat sheet provides an introduction to the subject and provides enough information to understand the basic concept. It will then go on to describe its subject in more detail, often supplying recommendations or best practices.

Why use them?

The OWASP Cheat Sheet Series provide developers and security engineers with most, and perhaps all, of the information on security topics that they will need to do their job. In addition the Cheat Sheets are regarded as authoritative: it is recommended to follow the advice in these Cheat Sheets. If a web application does not follow the recommendations in a cheat sheet, for example, then the implementation could be challenged during testing or review processes.

How to use them

The OWASP Spotlight series provides a good overview of using this documentation: ‘Project 4 - Cheat Sheet Series’.

There are a lot of cheat sheets in the OWASP Cheat Sheet Series; 91 of them as of March 2024 and this number is set to increase. The OWASP community recognises that this may become overwhelming at first, and so has arranged them in various ways:

The cheat sheets are continually being updated and are always open to contributions from the security community.

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.