# owasp/wstg

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/owasp-wstg).**

9,473 stars · 1,627 forks · CC-BY-SA-4.0

## Links

- GitHub: https://github.com/OWASP/wstg
- Homepage: https://owasp.org/www-project-web-security-testing-guide/
- awesome-repositories: https://awesome-repositories.com/repository/owasp-wstg.md

## Topics

`application-security` `appsec` `best-practices` `bugbounty` `guide` `hacking` `hacktoberfest` `owasp` `penetration-testing` `pentesting` `security`

## Description

The Web Application Security Testing Guide is an open-source security testing standard and comprehensive framework of procedures for identifying vulnerabilities in web applications and services. It serves as a vulnerability assessment methodology and a web API security audit framework, providing a structured approach for conducting consistent and thorough security audits of web-based software.

The project utilizes a methodology-based audit framework and checklist-driven workflows to ensure repeatable discovery and exploitation steps. It organizes security tests through taxonomy-based vulnerability classification and modular domain decomposition, splitting the testing process into distinct focus areas such as authentication and input validation.

The framework covers broad capability areas including web application security testing, web service security auditing, and API security testing. It integrates scenario-based security testing and guideline-based remediation mapping to connect identified vulnerabilities to specific mitigation strategies.

## Tags

### Security & Cryptography

- [Web Security Auditing](https://awesome-repositories.com/f/security-cryptography/web-application-security/web-security-auditing.md) — Provides a comprehensive set of procedures and frameworks for systematically auditing the security of web applications. ([source](https://github.com/owasp/wstg#readme))
- [Web Security Audit](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/penetration-testing-ethical-hacking/bug-bounty-platforms/methodologies/web-security-audit.md) — Implements a repeatable sequence of discovery and exploitation steps to identify weaknesses in web services.
- [Vulnerability Assessment and Testing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing.md) — Provides a structured methodology for identifying security gaps through repeatable scenarios and verification steps.
- [API Security Checklists](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/api-security-checklists.md) — Provides detailed checklists and methodologies specifically for evaluating the security posture of APIs. ([source](https://github.com/owasp/wstg#readme))
- [Security Testing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing.md) — Defines specific attack patterns and expected outcomes to verify the security posture of web applications.
- [Vulnerability Assessment Frameworks](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing-tools/reconnaissance-assessment-platforms/vulnerability-assessment-frameworks.md) — Provides a systematic framework to discover and document security risks in web applications.
- [Web Application Penetration Testing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/web-application-penetration-testing.md) — Offers a standardized approach for identifying and validating security flaws in web services. ([source](https://github.com/owasp/wstg#readme))
- [Web Application Security Testing Guides](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/web-application-security-testing-guides.md) — Provides a comprehensive framework of procedures and best practices for identifying vulnerabilities in web applications and services.
- [API Security Audit Frameworks](https://awesome-repositories.com/f/security-cryptography/web-application-security/web-security-auditing/api-security-audit-frameworks.md) — Provides a dedicated framework of methodologies and checklists for evaluating API security postures.
- [Remediation Guides](https://awesome-repositories.com/f/security-cryptography/security-guides/security-guidance-summaries/remediation-guides.md) — Provides actionable documentation and guidance for resolving identified security vulnerabilities using industry best practices.
- [Software Security Standards](https://awesome-repositories.com/f/security-cryptography/security/computer-security-principles/software-security-standards.md) — Serves as a community-driven standard for conducting consistent and thorough audits of web-based software.

### Education & Learning Resources

- [Security Audit Workflows](https://awesome-repositories.com/f/education-learning-resources/engineering-checklists/automated-validation-checklists/security-audit-workflows.md) — Provides structured sequences of verification steps for conducting systematic security audits of web applications.

### Software Engineering & Architecture

- [Classification Taxonomies](https://awesome-repositories.com/f/software-engineering-architecture/classification-taxonomies.md) — Uses a hierarchical classification system to organize security tests for systematic auditing.