The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

Welcome to the official repository for the Open Worldwide Application Security Project® (OWASP®) Web Security Testing Guide (WSTG). The WSTG is a comprehensive guide to testing the security of …

The rest of this guide is organized as follows: this introduction covers the pre-requisites of testing web applications and the scope of testing. It also covers the principles of successful testing and testing …

[1] This version of the Testing Guide integrates with the two other flagship OWASP documentation products: the Developers Guide and the Code Review Guide. To achieve this we aligned the testing …

The OWASP Testing Framework Overview Phase 1: Before Development Begins Phase 2: During Definition and Design Phase 3: During Development Phase 4: During Deployment Phase 5: …

Apr 4, 2025 · Comprehensive guide to OWASP Testing: its definition, methodology, testing phases, and best practices for web application security. Learn how to implement OWASP security testing effectively.

Before you start contributing, please read our contribution guide which should help you get started and follow our best practices. Whenever you identify a contribution possibility, open up an issue with it in …

This section describes the OWASP web application security testing methodology and explains how to test for evidence of vulnerabilities within the application due to deficiencies with identified security …

This OWASP Web Security Testing Guide covers the OWASP testing framework, its scope, the principles of successful testing, and its techniques. It also covers reporting best practices and testing …

WSTG - v4.2 on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.