OWASP Web Security Testing Guide
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.
We are currently working on release version 5.0. You can read the current document in our official GitHub repository.
17th September, 2014: Release of v4
Download the v4 PDF here.
A printed book is also available for purchase.
16th December, 2008: Release of v3
Download the v3 PDF here.
6th November, 2008: Preview of v3
View a presentation (PPT) previewing the release at the OWASP EU Summit 2008 in Portugal.
10th February, 2007: Release of v2
Download the v2 PDF here.
14th July, 2004: Release of the “OWASP Web Application Penetration Checklist”
Download the v1.1 PDF here.
10th December, 2004: Release of v1
Download the v1 PDF here.
Historical archives of the Mailman owasp-testing mailing list are available to view or download.
How can I help?
We are actively inviting new contributors to help keep the WSTG up to date! You can get started at our official GitHub repository.
How can I contact you?
To report issues or make suggestions for the WSTG, please use GitHub Issues.
For everything else, we’re easy to find on Slack.
You can @ us on Twitter @owasp_wstg.