OWASP Cheat Sheet Series

OWASP Flagship Cheat Sheet Series Github Stars CSCounterBadge Creative Commons License

Our Goal


The OWASP Cheat Sheet Series was created to provide a set of simple good practice guides for application developers and defenders to follow. Rather than focused on detailed best practices that are impractical for many developers and applications, they are intended to provide good practices that the majority of developers will actually be able to implement.

The cheat sheets are available on the main website at https://cheatsheetseries.owasp.org.

If you wish to contribute to the cheat sheets, or to suggest any improvements or changes, then please do so via the issue tracker on the GitHub repository. Alternatively, join us in the #cheetsheats channel on the OWASP Slack (details in the sidebar).

Bridge between the projects OWASP Proactive Controls, OWASP ASVS, and OWASP CSS

A work channel has been created between OWASP Proactive Controls (OPC), OWASP Application Security Verification Standard (ASVS), and OWASP Cheat Sheet Series (OCSS) using the following process:

  • When a Cheat Sheet is missing for a point in OPC/ASVS, then the OCSS will handle the missing and create one. When the Cheat Sheet is ready, then the reference is added by OPC/ASVS.
  • If a Cheat Sheet exists for an OPC/ASVS point but the content do not provide the expected help then the Cheat Sheet is updated to provide the required content.

The reason of the creation of this bridge is to help OCSS and ASVS projects by providing them:

  • A consistent source for the requests regarding new Cheat Sheets.
  • A shared approach for updating existing Cheat Sheets.
  • A usage context for the Cheat Sheet and a quick source of feedback about the quality and the efficiency of the Cheat Sheet.

It is not mandatory that a request for a new Cheat Sheet (or for an update) comes only from OPC/ASVS, it is just an extra channel.

Requests from OPC/ASVS are flagged with a special label in the GitHub repository issues list in order to identify them and set them as a top level priority.

Contributors V1

  • From 2014 to 2018: V1 - Initial version of the project hosted on the OWASP WIKI.

Contributors V2

Special thanks

A special thank you to the following people for their help provided during the migration:

  • Dominique Righetto: For his special leadership and guidance.
  • Elie Saad: For valuable help in updating the OWASP Wiki links for all the migrated cheat sheets and for years of leadership and other project support.
  • Jakub Maćkowski: For valuable help in updating the OWASP Wiki links for all the migrated cheat sheets.