The Web Application Security Testing Guide is an open-source security testing standard and a comprehensive framework of procedures for identifying vulnerabilities in web applications and web services. It serves both as a vulnerability assessment methodology and as a web API security audit framework, giving testers a structured approach for conducting consistent, thorough security audits of web-based software.
The project uses a methodology-based audit framework and checklist-driven workflows so that discovery and exploitation steps are repeatable from one assessment to the next. It organizes security tests through taxonomy-based vulnerability classification and modular domain decomposition, splitting the testing process into distinct focus areas such as authentication and input validation.
The framework covers broad capability areas, including web application security testing, web service security auditing, and API security testing. It combines scenario-based security testing with guideline-based remediation mapping, so that each identified vulnerability is connected to a specific mitigation strategy.