The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

Welcome to the official repository for the Open Worldwide Application Security Project® (OWASP®) Web Security Testing Guide (WSTG). The WSTG is a comprehensive guide to testing the security of …

The rest of this guide is organized as follows: this introduction covers the pre-requisites of testing web applications and the scope of testing. It also covers the principles of successful testing and testing …

[1] This version of the Testing Guide integrates with the two other flagship OWASP documentation products: the Developers Guide and the Code Review Guide. To achieve this we aligned the testing …

Apr 4, 2025 · Comprehensive guide to OWASP Testing: its definition, methodology, testing phases, and best practices for web application security. Learn how to implement OWASP security testing effectively.

[Unreleased 4.3] [Version 4.2] - 2020-12-03 Version 4.2 introduces new testing scenarios, updates existing chapters, and offers an improved writing style and chapter layout. Download the v4.2 PDF here.

Dec 21, 2024 · What is OWASP penetration testing and why is it important? Penetration testing based on OWASP methodology is a systematic security assessment approach that identifies vulnerabilities …

Testing Checklist The following is the list of items to test during the assessment: Note: The Status column can be set for values similar to "Pass", "Fail", "N/A".

WSTG - v4.2 on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

Dec 5, 2025 · The OWASP Testing Guide is one of the most widely adopted frameworks for conducting web application penetration testing. Developed by the Open Web Application Security Project …