For a collection of security cheat sheets, the strongest matches are owasp/wstg (This repository provides a comprehensive, industry-standard framework and structured), fallibleinc/security-guide-for-developers (This repository provides a structured, checklist-driven approach to application) and owasp/top10 (This repository is the industry-standard reference for web application). trimstray/the-practical-linux-hardening-guide and owasp/go-scp round out the shortlist. Each is ranked by relevance to your query, popularity and recent activity.
Explore the best security cheat sheets for developers. Compare top-rated resources by topic, language, and use case to find the best fit for you.
The Web Application Security Testing Guide is an open-source security testing standard and comprehensive framework of procedures for identifying vulnerabilities in web applications and services. It serves as a vulnerability assessment methodology and a web API security audit framework, providing a structured approach for conducting consistent and thorough security audits of web-based software. The project utilizes a methodology-based audit framework and checklist-driven workflows to ensure repeatable discovery and exploitation steps. It organizes security tests through taxonomy-based vulnerab
This repository provides a comprehensive, industry-standard framework and structured checklist for web application security testing, directly addressing the need for authoritative guidance on vulnerability assessment and security best practices.
This project is a web application security guide and developer training resource. It serves as a secure coding framework and vulnerability remediation manual, providing software engineers with the tools to identify, prioritize, and fix common security holes across different application layers. The resource utilizes a structured verification framework and security audit checklists to systematically find vulnerabilities. It features a technical reference that maps specific security flaws to step-by-step instructions for remediation, supported by vulnerability statistics to help determine which
This repository provides a structured, checklist-driven approach to application security and vulnerability remediation, serving as a practical reference guide for developers to implement secure coding practices.
This project is a web application security standard and vulnerability framework. It provides a comprehensive list of the most critical security risks facing web applications, paired with technical guidance and a structured methodology for identifying and mitigating these flaws. The framework functions as a secure coding guide and a risk assessment methodology, offering a standardized approach to prioritizing vulnerabilities based on their potential impact and likelihood of exploitation. It defines architectural patterns and technical recommendations to help developers implement defense in dep
This repository is the industry-standard reference for web application security risks, providing the structured guidance, vulnerability assessment methodology, and hardening recommendations required to implement robust security practices.
This project is a comprehensive Linux server hardening guide and infrastructure documentation resource. It provides a set of validated security baselines and step-by-step instructions for implementing security controls and configuration best practices to protect production environments. The guide focuses on aligning systems with industry-standard security benchmarks, specifically those provided by the Center for Internet Security and Security Technical Implementation Guides. It includes a framework for using OpenSCAP to scan system configurations, verify compliance against reference profiles,
This repository provides a comprehensive, structured reference guide for Linux infrastructure hardening and compliance, directly addressing the need for actionable security benchmarks and configuration best practices.
Go-SCP is a secure coding guide and vulnerability prevention framework for the Go programming language. It serves as a technical manual for implementing defensive programming patterns and security benchmarks to prevent common software vulnerabilities. The project functions as a static security reference, mapping known software weaknesses to specific Go remediation patterns. It provides a curated repository of secure coding standards and vetted implementation practices specifically focused on web application security. The framework covers security auditing by comparing source code against est
This repository provides a structured, curated reference guide for secure coding practices and vulnerability prevention specifically tailored for the Go programming language, fitting the category of a security knowledge base.
The Mobile Application Security Testing Guide is a comprehensive manual and compliance framework for verifying the security of mobile applications. It provides a standardized reference for identifying and validating common software security weaknesses and performing reverse engineering based on industry standards. The project provides a structured set of technical processes and checklists used to audit applications against established security weakness enumerations. It encompasses guidance for analyzing application binaries and runtime behavior to identify hidden functionality and security ga
This repository provides a comprehensive, structured reference guide and set of checklists specifically for mobile application security, which aligns with the core intent of security best practices and compliance verification.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
This repository is the definitive collection of structured, actionable security cheat sheets that directly address application hardening, infrastructure security, and compliance standards for developers and security professionals.
This project serves as a centralized, community-driven repository of technical knowledge and administrative resources. It provides a structured taxonomy that aggregates disparate information into a searchable framework, supporting continuous learning and rapid problem-solving for system administrators and cybersecurity practitioners. By mapping resources across offensive security, infrastructure management, and software development, it offers a unified path for skill acquisition and professional reference. The project is defined by a command-line-first design philosophy, prioritizing terminal
This repository acts as a comprehensive, community-curated collection of security-focused cheat sheets, checklists, and technical resources that directly address the visitor's need for structured security best practices and infrastructure hardening guides.
Mindmap is a cybersecurity knowledge base and reference library that organizes security tools, frameworks, and methodologies into a visual knowledge map. It functions as a curated directory of cheat sheets and command guides for offensive and defensive security operations, presented as a hierarchical interface with collapsible nodes. The project converts structured markdown files into navigable visual trees to facilitate the study of penetration testing workflows and DevOps learning roadmaps. It also serves as a security compliance framework, providing structured mappings of NIST and ISO 2700
This repository serves as a comprehensive, structured knowledge base and visual reference guide for security methodologies, compliance frameworks, and infrastructure hardening practices, directly addressing the need for organized security documentation.
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
This repository provides a structured, modular curriculum and comprehensive reference material covering core security domains, making it a highly relevant resource for implementing security best practices and infrastructure hardening.
This project is a technical reference knowledge base and developer cheat sheet repository. It functions as a searchable collection of quick-reference guides, CLI command patterns, and code snippets for various operating systems, cloud platforms, and infrastructure tools. The system operates as a markdown-based technical knowledge base, where content is stored in plain text files and rendered as a static site. This approach enables a personal knowledge management system that utilizes version control and a directory-based navigation hierarchy to organize technical notes for long-term retrieval.
This repository provides a structured collection of technical reference guides and command-line cheat sheets that cover infrastructure and development topics, serving as a practical knowledge base for security best practices.
This project is a curated collection of technical cheat sheets and quick-reference guides designed to assist with daily software development tasks. It functions as a static knowledge base, providing concise summaries of programming language syntax, database query commands, and common software tool patterns. The repository organizes these technical notes as version-controlled markdown files, allowing for rapid access to essential information without the need for extensive documentation searches. By maintaining these references in a centralized, repository-driven format, the project helps reduc
This repository serves as a collection of structured cheat sheets covering various security domains, providing the reference material needed to implement best practices across infrastructure and application development.
This project provides a comprehensive technical framework for developers building software applications that handle protected health information. It serves as a guide for navigating the legal and technical requirements necessary to ensure that applications and their underlying infrastructure adhere to mandatory health data privacy standards. The guide distinguishes itself by addressing the full spectrum of compliance, from identifying regulatory obligations and business associate requirements to implementing specific technical and physical safeguards. It offers detailed strategies for securin
This repository provides a structured guide specifically focused on implementing security and compliance standards for developers, serving as a specialized reference for meeting regulatory requirements in application development.
This project provides a collection of architectural guidelines and operational standards for building secure, maintainable, and scalable server-side software systems. It establishes a framework for implementing consistent development environments, system observability, and data security practices across distributed application environments. The repository focuses on standardizing software engineering conventions to ensure environment parity and system transparency. It covers the implementation of aggregated health monitoring, request throttling, and secure data handling, including the use of
This repository provides a structured collection of backend development best practices that covers several key areas of application security, serving as a practical reference guide for developers.
Micro8 is a security auditing knowledge base and penetration testing resource library. It serves as a curated collection of guides and documentation focused on vulnerability assessment. The project provides educational content and study guides for manual source code review, domain escalation, and internal network auditing. It includes a toolkit of reference materials for analyzing network traffic logs and identifying brute-force patterns. The library covers technical domains including web penetration testing and privilege escalation. It organizes these materials through PDF-based knowledge r
This repository serves as a comprehensive knowledge base and curated collection of security auditing guides, providing the structured reference material needed for vulnerability assessment and technical security analysis.
HackTricks is a comprehensive cybersecurity knowledge base and wiki designed to support ethical hacking, penetration testing, and infrastructure security auditing. It serves as a structured reference guide for security professionals, providing detailed documentation on common vulnerabilities, attack vectors, and remediation strategies across diverse software and network environments. The project distinguishes itself by offering actionable methodologies for identifying and analyzing security flaws. It functions as a centralized repository for security research, enabling practitioners to study
This repository serves as a comprehensive, structured knowledge base for security professionals, providing detailed methodologies and remediation strategies that align well with the need for reference guides on infrastructure and application security.
Learn-Web-Hacking is a structured web security study guide and penetration testing knowledge base. It provides a collection of research notes focused on identifying and exploiting vulnerabilities in web applications and network protocols. The project includes specialized frameworks for evaluating security risks in large language models to prevent prompt injection, as well as guides for hardening cloud-native infrastructure, including container standards and orchestration tools. It also covers the analysis of identity standards and authentication protocols. The material spans a broad range of
This repository provides a comprehensive, structured knowledge base covering web application security, infrastructure hardening, and protocol analysis, serving as a practical reference guide for implementing security best practices.
| Repository | Stars | Sprache | Lizenz | Letzter Push |
|---|---|---|---|---|
| owasp/wstg | 9.5K | — | CC-BY-SA-4.0 | |
| fallibleinc/security-guide-for-developers | 21.1K | — | — | |
| owasp/top10 | 5.3K | HTML | other | |
| trimstray/the-practical-linux-hardening-guide | 10.5K | — | MIT | |
| owasp/go-scp | 5.3K | Go | CC-BY-SA-4.0 | |
| owasp/owasp-mstg | 13K | Python | CC-BY-SA-4.0 | |
| owasp/cheatsheetseries | 32.3K | Python | CC-BY-SA-4.0 | |
| trimstray/the-book-of-secret-knowledge | 228.6K | — | MIT | |
| ignitetechnologies/mindmap | 8.7K | — | — | |
| microsoft/security-101 | 6.2K | HTML | cc0-1.0 |