The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals. The WSTG is a …

This section describes the OWASP web application security testing methodology and explains how to test for evidence of vulnerabilities within the application due to deficiencies with …

WSTG - Stable on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

WSTG - Latest on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

Web Application Vulnerability Scanners are automated tools that scan web applications, normally from the outside, to look for security vulnerabilities such as Cross-site scripting, SQL Injection, …

Nov 6, 2025 · The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to …

With so many techniques and approaches to testing the security of web applications, it can be difficult to understand which techniques to use or when to use them.

Free version at http://www.owasp.org 2 The Open Web Application Security Project (OWASP) is a worldwide free and open com- munity focused on improving the security of application …

Nov 19, 2025 · OWASP Foundation, the Open Source Foundation for Application Security on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to …

If your project has a web application component, we recommend running automated scans against it to look for vulnerabilities. OWASP maintains a page of known DAST Tools, and the …